Solved Rootkit trouble

Discussion in 'Malware and Virus Removal Archive' started by Dari, 2010/10/30.

  1. 2010/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please re-run TDSSKiller and post a fresh log.
     
  2. 2010/11/04
    Dari

    Dari Inactive Thread Starter

    Joined:
    2010/10/28
    Messages:
    49
    Likes Received:
    0
    2010/11/04 16:15:56.0171 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/11/04 16:15:56.0171 ================================================================================
    2010/11/04 16:15:56.0171 SystemInfo:
    2010/11/04 16:15:56.0171
    2010/11/04 16:15:56.0171 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/04 16:15:56.0171 Product type: Workstation
    2010/11/04 16:15:56.0171 ComputerName: DARIUS
    2010/11/04 16:15:56.0171 UserName: Kia
    2010/11/04 16:15:56.0171 Windows directory: C:\WINDOWS
    2010/11/04 16:15:56.0171 System windows directory: C:\WINDOWS
    2010/11/04 16:15:56.0171 Processor architecture: Intel x86
    2010/11/04 16:15:56.0171 Number of processors: 2
    2010/11/04 16:15:56.0171 Page size: 0x1000
    2010/11/04 16:15:56.0171 Boot type: Normal boot
    2010/11/04 16:15:56.0171 ================================================================================
    2010/11/04 16:16:03.0453 Initialize success
    2010/11/04 16:16:11.0250 ================================================================================
    2010/11/04 16:16:11.0250 Scan started
    2010/11/04 16:16:11.0250 Mode: Manual;
    2010/11/04 16:16:11.0250 ================================================================================
    2010/11/04 16:16:27.0453 ================================================================================
    2010/11/04 16:16:27.0453 Scan finished
    2010/11/04 16:16:27.0453 ================================================================================
     

  4. 2010/11/04
    broni

    broni Moderator Malware Analyst

    Please, delete GMER and Combofix files, download fresh ones, run both tools and post new logs.
     
  5. 2010/11/05
    Dari

    Dari Inactive Thread Starter

    Going to be away till tomorrow, I'll do it then.
     
  6. 2010/11/05
    broni

    broni Moderator Malware Analyst

    Ok :)
     
  7. 2010/11/06
    Dari

    Dari Inactive Thread Starter

    GMER ran just fine; it took much longer this time around, but it did finish. ComboFix was more problematic. It insisted that Avast was running, and there was apparently one Avast-related service running, which I stopped, but it still said that it was running. I tried to disable it from running on startup in msconfig and services.msc, but both gave me access denied errors. I ran ComboFix anyway, and it bluescreened at some point. GMER fixed the BIOS error on startup where I got "Keyboard failed" every time, so now I can use my keyboard when booting up again. Anyway, here is the GMER log.


    GMER 1.0.15.15507 - http://www.gmer.net
    Rootkit scan 2010-11-06 19:38:56
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD1600JS-75NCB1 10.02E01
    Running: fut8i0ye.exe; Driver: C:\PROGRA~1\Java\JDK16~1.0_1\bin\pwtdapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA8879CF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA8879BAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA887A160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA887A08A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA8879782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA8879C86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA88796C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA8879726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA8879DA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA887A22E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA8879D66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA8879EE6]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[760] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2960] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Documents and Settings\Kia\Desktop\fut8i0ye.exe[6120] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1096] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005B0002
    IAT C:\WINDOWS\system32\services.exe[1096] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005B0000
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1476] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\usbhub \Device\00000083 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\00000084 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\00000085 hcmon.sys (VMware USB monitor/VMware, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\USB_RNDIS \Device\{05275D64-D213-446D-B97C-A4BEE5CED5FF} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation)
    Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000007f hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbehci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\00000082 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \FileSystem\Fastfat \Fat A6444D20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x50 0x6D 0x90 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x0A 0x33 0x88 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2A 0x9D 0x92 0x51 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x39 0x3C 0xB7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBB 0xDB 0xB5 0xB8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x4B 0xF4 0x7B 0xA3 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xDD 0xF6 0x65 0xB1 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32@ C:\WINDOWS\system32\geeda.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32@ThreadingModel Both

    ---- Files - GMER 1.0.15 ----

    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\pslogit.m 775 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test1.m 2932 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test10.m 11385 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test11.m 7517 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test12.m 2047 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test13.m 1305 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test14.m 1831 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test2.m 491 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test3.m 3719 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test4.m 1338 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test5.m 1630 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test6.m 1160 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test7.m 1555 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test8.m 4885 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\test9.m 3060 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\testall.m 3955 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\MATLAB\Required\tests\teststats.m 1584 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\3D Engines 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\3D Engines\Photoshop3DEngine.8BI 749568 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\ADM 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\ADM\ADMPlugin.apl 1380352 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Automate 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Automate\CropPhotosAuto.8LI 15872 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Automate\HDRMergeUI.8BF 1986560 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Automate\WIASupport.8LI 65536 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\ja.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\ja.lproj\Localizable.strings 3850 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\cs.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\cs.lproj\Localizable.strings 3599 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\da.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\da.lproj\Localizable.strings 3517 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\de.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\de.lproj\Localizable.strings 3658 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\en_US.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\en_US.lproj\Localizable.strings 3364 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\es.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\es.lproj\Localizable.strings 3652 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\fi.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\fi.lproj\Localizable.strings 3457 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\fr.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\fr.lproj\Localizable.strings 3585 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\hu.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\hu.lproj\Localizable.strings 3682 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\it.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\it.lproj\Localizable.strings 3492 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\ko.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\ko.lproj\Localizable.strings 3567 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\nl.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\nl.lproj\Localizable.strings 3478 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\no.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\no.lproj\Localizable.strings 3467 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\pl.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\pl.lproj\Localizable.strings 3772 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\pt_BR.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\pt_BR.lproj\Localizable.strings 3713 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\ro.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\ro.lproj\Localizable.strings 3624 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\ru.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\ru.lproj\Localizable.strings 5018 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\sv.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\sv.lproj\Localizable.strings 3416 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\tr.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\tr.lproj\Localizable.strings 3624 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\uk.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\uk.lproj\Localizable.strings 4992 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\zh_CN.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\zh_CN.lproj\Localizable.strings 3196 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\zh_TW.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digiread\zh_TW.lproj\Localizable.strings 3161 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\DigiRead.8bf 1051648 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\ja.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\ja.lproj\Localizable.strings 7599 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\cs.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\cs.lproj\Localizable.strings 6923 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\da.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\da.lproj\Localizable.strings 6681 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\de.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\de.lproj\Localizable.strings 7212 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\en_US.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\en_US.lproj\Localizable.strings 6391 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\es.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\es.lproj\Localizable.strings 6931 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\fi.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\fi.lproj\Localizable.strings 6663 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\fr.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\fr.lproj\Localizable.strings 6858 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\hu.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\hu.lproj\Localizable.strings 7192 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\it.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\it.lproj\Localizable.strings 6843 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\ko.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\ko.lproj\Localizable.strings 7041 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\nl.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\nl.lproj\Localizable.strings 6884 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\no.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\no.lproj\Localizable.strings 6521 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\pl.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\pl.lproj\Localizable.strings 7099 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\pt_BR.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\pt_BR.lproj\Localizable.strings 7046 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\ro.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\ro.lproj\Localizable.strings 7225 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\ru.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\ru.lproj\Localizable.strings 9786 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\sv.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\sv.lproj\Localizable.strings 6572 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\tr.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\tr.lproj\Localizable.strings 7038 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\uk.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\uk.lproj\Localizable.strings 10169 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\zh_CN.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\zh_CN.lproj\Localizable.strings 6230 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\zh_TW.lproj 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\Digisign\zh_TW.lproj\Localizable.strings 6270 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Digimarc\Win\DigiSign.8bf 1202176 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Effects 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Effects\Filter Gallery.8BF 4067328 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Extensions 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Extensions\FastCore.8BX 36864 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Extensions\MMXCore.8BX 225280 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Extensions\MultiProcessor Support.8BX 278528 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Extensions\ScriptingSupport.8li 2449408 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\BMP.8BI 38912 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\Cineon.8BI 28672 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\Dicom.8BI 3678208 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\FilmStrip.8BI 15872 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\FXG.8BI 184320 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\GIF.8BI 25600 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\IFF Format.8BI 31232 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\OpenEXR.8BI 823296 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\PBM.8BI 18944 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\PCX.8BI 21504 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\Pixar.8BI 14336 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\PNG.8BI 98304 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\Radiance.8BI 19456 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\Targa.8BI 26624 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\U3D.8BI 7737344 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\File Formats\WBMP.8BI 12800 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lens Flare.8BF 94208 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Average.8BF 13824 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\ChannelPort.8BF 19456 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Clouds.8BF 23040 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Color Halftone.8BF 34816 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\CropPhotos.8BF 118784 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Crystallize.8BF 86016 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\De-Interlace.8BF 18944 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Displace.8BF 53248 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Extrude.8BF 36864 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Fibers.8BF 73728 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lens Blur.8BF 2109440 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lens Correction.8BF 2207744 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\2 O'clock Spotlight 64 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Blue Omni 64 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Circle of Light 148 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Crossing 92 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Crossing Down 92 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Default 64 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Five Lights Down 176 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Five Lights Up 176 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Flashlight 64 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Flood Light 64 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Parallel Directional 92 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\RGB Lights 120 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Soft Direct Lights 92 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Soft Omni 64 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Soft Spotlight 64 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Three Down 120 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Lighting Styles\Triple Spotlight 120 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\LightingEffects.8BF 401408 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Liquify.8BF 2396160 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Mezzotint.8BF 26624 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\NTSC Colors.8BF 16384 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Pinch.8BF 65536 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Pointillize.8BF 86016 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Polar Coordinates.8BF 65536 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Radial Blur.8BF 110592 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Ripple.8BF 188416 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Shear.8BF 30208 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Smart Blur.8BF 77824 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Solarize.8BF 12288 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Spherize.8BF 60928 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Tiles.8BF 28672 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Twirl.8BF 73728 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\VanishingPoint.8BF 3014656 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Wave.8BF 57344 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\Wind.8BF 98304 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Filters\ZigZag.8BF 77824 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Image Stacks 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Image Stacks\statistics.8BA 59392 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Import-Export 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Import-Export\FireWire Export.8BE 57344 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Import-Export\FireWire.dll 57344 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Import-Export\Paths to Illustrator.8BE 27648 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Import-Export\Save for Web.8BE 5918720 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Import-Export\Twain_32.8BA 23040 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Measurements 0 bytes
    File C:\Program Files\Adobe\Adobe Photoshop CS4\Plug-ins\Measurements\MeasurementCore.8ME 94208 bytes executable
    File C:\Program Files\Adobe\Adobe Photoshop CS5\Locales\en_GB\Support Files\Shortcuts\Win 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  8. 2010/11/06
    broni Moderator Malware Analyst
    It looks fine :)
     
  9. 2010/11/06
    Dari Inactive Thread Starter
    So now what do you want me to do? I've already mentioned the problems with combofix.
     
  10. 2010/11/06
    broni Moderator Malware Analyst
    Re-run Combofix from Safe Mode. Disregard any warnings.
     
  11. 2010/11/07
    Dari Inactive Thread Starter
    Tried to run combofix from safe mode several times; it blue screened each time. It got to at least stage 3 in scanning; I don't know how much further it got.
     
  12. 2010/11/07
    broni Moderator Malware Analyst
    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

    Try normal mode and safe mode.
     
  13. 2010/11/08
    Dari Inactive Thread Starter
    Combofix crashed somewhere around stage 43 on normal mode, here is the log from safe mode (it ran fine in safe mode).

    ComboFix 10-11-07.A2 - Kia 08/11/2010 17:18:31.10.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2694 [GMT 0:00]
    Running from: c:\documents and settings\Kia\Desktop\Kia.exe
    AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-08 to 2010-11-08 )))))))))))))))))))))))))))))))
    .

    2010-11-03 17:55 . 2010-09-07 15:52 165584 ------w- c:\windows\system32\drivers\aswSP.sys
    2010-11-03 17:55 . 2010-09-07 15:47 17744 ------w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-11-03 17:55 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-11-03 17:55 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-11-03 17:55 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-11-03 17:55 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-11-03 17:55 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-11-01 03:44 . 2010-11-01 03:44 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-10-31 20:08 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-31 20:08 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-31 20:08 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-31 20:08 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-30 20:22 . 2010-09-07 16:11 167592 ------w- c:\windows\system32\aswBoot.exe
    2010-10-30 20:21 . 2010-10-30 20:21 -------- d-----w- c:\program files\Alwil Software
    2010-10-30 20:21 . 2010-10-30 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-30 17:15 . 2010-10-30 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2010-10-30 17:08 . 2010-10-30 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-30 15:21 . 2010-10-30 15:26 -------- d-----w- c:\program files\Support Tools
    2010-10-29 21:51 . 2010-10-29 21:51 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
    2010-10-29 21:49 . 2010-10-29 21:50 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-10-29 21:48 . 2010-10-29 21:48 -------- d-----w- c:\program files\Application Verifier
    2010-10-29 20:37 . 2010-10-29 20:37 -------- d-----w- c:\program files\ESET
    2010-10-28 11:29 . 2010-10-28 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-28 11:29 . 2010-10-28 11:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-28 09:57 . 2010-10-28 09:57 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Conduit
    2010-10-28 09:56 . 2010-10-28 10:08 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Runescape
    2010-10-28 04:57 . 2010-10-28 04:57 -------- d-----w- c:\program files\CleanUp!
    2010-10-28 04:39 . 2010-10-28 04:39 -------- d-sh--w- c:\documents and settings\Pareesa\IETldCache
    2010-10-28 04:18 . 2010-10-28 04:23 -------- d-----w- c:\documents and settings\Karena\Application Data\Apple Computer
    2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Adobe
    2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\documents and settings\Karena\Application Data\Epson
    2010-10-28 04:12 . 2010-11-03 17:47 90112 ----a-w- c:\windows\DUMP566d.tmp
    2010-10-28 04:12 . 2010-11-01 16:28 90112 ----a-w- c:\windows\DUMP4a47.tmp
    2010-10-27 23:39 . 2010-10-27 23:39 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-26 17:00 . 2010-10-26 17:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
    2010-10-26 17:00 . 2010-10-26 17:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Runescape
    2010-10-26 16:33 . 2010-10-26 17:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-10-26 16:33 . 2010-10-26 16:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson
    2010-10-26 15:46 . 2010-10-26 15:46 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
    2010-10-26 14:47 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Conduit
    2010-10-26 14:46 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Runescape
    2010-10-26 14:45 . 2010-10-26 14:48 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
    2010-10-26 14:45 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
    2010-10-26 07:00 . 2010-10-27 23:23 -------- d-----w- c:\documents and settings\Kia\Local Settings\Application Data\{A8E5562A-795B-405E-8374-00CC98BDE371}
    2010-10-26 06:45 . 2010-10-26 06:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-10-21 22:15 . 2010-10-27 23:29 -------- d-s---w- c:\documents and settings\Dari
    2010-10-11 22:41 . 2010-10-11 22:41 -------- d-----w- c:\program files\iTeleport

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 10:41 . 2010-06-03 23:42 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 12:23 . 2005-08-16 03:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2005-08-16 03:18 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2005-08-16 03:18 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2005-08-16 03:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2005-08-16 03:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2005-08-16 03:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2005-08-16 03:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2005-08-16 03:18 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2005-08-16 03:18 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2005-08-16 03:18 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2005-08-16 03:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2006-04-12 16:02 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-24 13:28 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2005-08-16 03:18 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-08-16 03:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2005-08-16 03:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2008-06-30 12:44 . 2008-05-08 20:36 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-31_22.41.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 00:02 . 2009-07-12 00:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    - 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-12 00:05 . 2009-07-12 00:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    - 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
    - 2010-10-30 15:00 . 2010-10-30 15:00 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
    + 2005-08-16 03:18 . 2010-11-01 03:52 93980 c:\windows\system32\perfc009.dat
    - 2005-08-16 03:18 . 2010-10-31 19:54 93980 c:\windows\system32\perfc009.dat
    + 2005-08-16 03:18 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
    - 2005-08-16 03:18 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
    - 2009-03-08 03:31 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
    + 2009-03-08 03:31 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
    + 2005-08-16 03:18 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
    - 2005-08-16 03:18 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
    + 2009-06-09 19:10 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-06-09 19:10 . 2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2010-08-27 05:57 . 2010-08-27 05:57 99840 c:\windows\system32\dllcache\srvsvc.dll
    + 2009-03-08 03:31 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
    - 2009-03-08 03:31 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2007-05-10 00:28 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2007-05-10 00:28 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2009-03-08 03:34 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
    + 2009-03-08 03:33 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2009-03-08 03:33 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
    - 2010-10-30 15:00 . 2010-10-30 15:00 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
    + 2010-11-01 03:51 . 2010-11-01 03:51 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
    - 2009-06-21 18:46 . 2010-09-15 23:51 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-06-21 18:46 . 2010-11-01 03:54 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-06-21 18:46 . 2010-09-15 23:51 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-06-21 18:46 . 2010-11-01 03:54 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-06-21 18:46 . 2010-11-01 03:54 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-06-21 18:46 . 2010-09-15 23:51 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-11-01 03:46 . 2010-06-24 12:22 12800 c:\windows\ie8updates\KB2360131-IE8\xpshims.dll
    + 2010-11-01 03:46 . 2009-03-08 03:31 66560 c:\windows\ie8updates\KB2360131-IE8\mshtmled.dll
    + 2010-11-01 03:46 . 2010-06-24 12:21 55296 c:\windows\ie8updates\KB2360131-IE8\msfeedsbs.dll
    + 2010-11-01 03:46 . 2009-03-08 03:34 43008 c:\windows\ie8updates\KB2360131-IE8\licmgr10.dll
    + 2010-11-01 03:46 . 2010-06-24 12:21 25600 c:\windows\ie8updates\KB2360131-IE8\jsproxy.dll
    + 2010-11-01 03:57 . 2010-11-01 03:57 54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\e48a365b852cd9526f374a59ae05b14a\System.Xaml.Hosting.ni.dll
    + 2010-11-01 16:22 . 2010-11-01 16:22 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\392550d6e95ad09fb9322d9455aec8db\System.Web.DynamicData.Design.ni.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    - 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-07-12 00:05 . 2009-07-12 00:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2005-08-16 03:18 . 2010-11-01 03:52 520422 c:\windows\system32\perfh009.dat
    - 2005-08-16 03:18 . 2010-10-31 19:54 520422 c:\windows\system32\perfh009.dat
    + 2005-08-16 03:18 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
    - 2005-08-16 03:18 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll
    - 2005-08-16 03:18 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll
    + 2005-08-16 03:18 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
    + 2009-03-08 03:32 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
    - 2005-08-16 03:18 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll
    + 2005-08-16 03:18 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
    - 2005-08-16 03:18 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll
    + 2005-08-16 03:18 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
    + 2005-08-16 03:18 . 2010-08-26 12:22 173056 c:\windows\system32\ie4uinit.exe
    - 2005-08-16 03:18 . 2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe
    + 2009-04-24 13:28 . 2010-07-12 12:55 218112 c:\windows\system32\dllcache\wordpad.exe
    + 2008-12-31 07:41 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
    - 2008-12-31 07:41 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll
    + 2009-06-16 14:36 . 2010-08-27 08:02 119808 c:\windows\system32\dllcache\t2embed.dll
    - 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
    + 2008-12-31 07:13 . 2010-08-26 13:39 357248 c:\windows\system32\dllcache\srv.sys
    - 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
    + 2009-04-15 14:51 . 2010-08-16 08:45 590848 c:\windows\system32\dllcache\rpcrt4.dll
    + 2009-03-08 03:34 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-03-08 03:34 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll
    - 2009-03-08 03:32 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll
    + 2009-03-08 03:32 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
    + 2007-05-10 00:29 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2006-10-14 08:13 . 2010-09-18 12:23 974848 c:\windows\system32\dllcache\mfc42u.dll
    + 2009-06-09 19:10 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2009-06-09 19:10 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2010-02-26 05:43 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-02-26 05:43 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2010-06-08 20:35 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
    - 2010-06-08 20:35 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2009-03-08 13:09 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2009-03-08 13:09 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2009-03-08 03:32 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2009-03-08 03:32 . 2010-08-26 12:22 173056 c:\windows\system32\dllcache\ie4uinit.exe
    + 2010-04-20 05:30 . 2010-09-01 11:51 285824 c:\windows\system32\dllcache\atmfd.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2009-06-21 18:46 . 2010-11-01 03:54 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    - 2009-06-21 18:46 . 2010-09-15 23:51 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    - 2009-06-21 18:46 . 2010-09-15 23:51 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    + 2009-06-21 18:46 . 2010-11-01 03:54 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    + 2009-06-21 18:46 . 2010-11-01 03:54 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    - 2009-06-21 18:46 . 2010-09-15 23:51 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    - 2009-06-21 18:46 . 2010-09-15 23:51 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2009-06-21 18:46 . 2010-11-01 03:54 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2010-11-01 03:46 . 2010-06-24 12:22 916480 c:\windows\ie8updates\KB2360131-IE8\wininet.dll
    + 2010-11-01 03:46 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2360131-IE8\spuninst\updspapi.dll
    + 2010-11-01 03:46 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2360131-IE8\spuninst\spuninst.exe
    + 2010-11-01 03:46 . 2010-06-24 12:22 206848 c:\windows\ie8updates\KB2360131-IE8\occache.dll
    + 2010-11-01 03:46 . 2010-06-24 12:22 611840 c:\windows\ie8updates\KB2360131-IE8\mstime.dll
    + 2010-11-01 03:46 . 2010-06-24 12:21 599040 c:\windows\ie8updates\KB2360131-IE8\msfeeds.dll
    + 2010-11-01 03:46 . 2010-06-24 12:21 247808 c:\windows\ie8updates\KB2360131-IE8\ieproxy.dll
    + 2010-11-01 03:46 . 2010-06-24 12:21 184320 c:\windows\ie8updates\KB2360131-IE8\iepeers.dll
    + 2010-11-01 03:46 . 2010-06-24 12:21 743424 c:\windows\ie8updates\KB2360131-IE8\iedvtool.dll
    + 2010-11-01 03:46 . 2010-06-24 12:21 387584 c:\windows\ie8updates\KB2360131-IE8\iedkcs32.dll
    + 2010-11-01 03:46 . 2010-06-23 12:08 173056 c:\windows\ie8updates\KB2360131-IE8\ie4uinit.exe
    + 2010-11-01 16:22 . 2010-11-01 16:22 858112 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\5a92089db9cf7d6719e17901faccac62\System.Web.Extensions.Design.ni.dll
    + 2010-11-01 03:58 . 2010-11-01 03:58 332288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\c97c50687367c59e2a079256db3f3fe0\System.Web.Entity.ni.dll
    + 2010-11-01 16:22 . 2010-11-01 16:22 296448 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\176672e0493bf60c3f734c993a07bb16\System.Web.Entity.Design.ni.dll
    + 2010-11-01 03:58 . 2010-11-01 03:58 705536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\95b2dbd5420314afcae0ebf2017c817e\System.Web.DynamicData.ni.dll
    + 2010-11-01 03:58 . 2010-11-01 03:58 256512 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\38841365902dc452c19f164174cf0b59\System.Web.DataVisualization.Design.ni.dll
    + 2010-11-01 03:57 . 2010-11-01 03:57 421888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3ab33bf00cf828230466368599d7dc41\System.ServiceModel.Activation.ni.dll
    + 2010-11-01 03:56 . 2010-11-01 03:56 767488 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\423d873fc534c5a104683990f4644bfe\System.Runtime.Remoting.ni.dll
    + 2010-11-01 03:57 . 2010-11-01 03:57 499712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\968743c11e050cfdeadad7846203ff59\System.Data.Services.Design.ni.dll
    + 2010-11-01 03:56 . 2010-11-01 03:56 471040 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\5801d526748d91c3b3ea51578a3dc7f4\ComSvcConfig.ni.exe
    + 2010-11-01 03:56 . 2010-11-01 03:56 842752 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\cb88fc7083c5681f13db38fed0833824\AspNetMMCExt.ni.dll
    + 2010-10-31 20:08 . 2010-08-23 16:12 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-12 00:02 . 2009-07-12 00:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    - 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2005-08-16 03:18 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
    + 2005-08-16 03:18 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll
    + 2005-08-16 03:18 . 2010-09-10 05:58 5957120 c:\windows\system32\mshtml.dll
    - 2009-03-08 03:32 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll
    + 2009-03-08 03:32 . 2010-09-10 05:58 1986560 c:\windows\system32\iertutil.dll
    + 2005-08-16 03:27 . 2010-11-01 16:18 3822712 c:\windows\system32\FNTCACHE.DAT
    - 2005-08-16 03:27 . 2010-10-27 23:47 3822712 c:\windows\system32\FNTCACHE.DAT
    + 2008-12-31 07:29 . 2010-08-31 13:42 1852800 c:\windows\system32\dllcache\win32k.sys
    + 2008-12-31 07:41 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
    + 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll
    + 2008-12-31 07:41 . 2010-09-10 05:58 5957120 c:\windows\system32\dllcache\mshtml.dll
    + 2007-05-10 00:29 . 2010-09-10 05:58 1986560 c:\windows\system32\dllcache\iertutil.dll
    - 2007-05-10 00:29 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll
    + 2010-09-22 05:55 . 2010-09-22 05:55 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
    - 2010-03-18 15:47 . 2010-03-18 15:47 1836904 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.dll
    + 2010-09-22 05:55 . 2010-09-22 05:55 5176144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 1587064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.ComponentModel\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 1070960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 1836904 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 1697144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 5078360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 1327968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll
    - 2010-10-30 15:00 . 2010-10-30 15:00 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 1064816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Tasks.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v4.0.dll
    + 2010-11-01 03:51 . 2010-11-01 03:51 5176144 c:\windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-08-13 18:01 . 2010-08-13 18:01 8993280 c:\windows\Installer\98a3c.msp
    + 2010-09-22 15:02 . 2010-09-22 15:02 4076032 c:\windows\Installer\98a27.msp
    + 2010-08-13 17:59 . 2010-08-13 17:59 8182272 c:\windows\Installer\989ff.msp
    + 2010-08-13 18:02 . 2010-08-13 18:02 2545664 c:\windows\Installer\989c9.msp
    + 2010-08-13 18:00 . 2010-08-13 18:00 9404928 c:\windows\Installer\98993.msp
    + 2010-09-17 06:06 . 2010-09-17 06:06 3355648 c:\windows\Installer\9896b.msp
    - 2009-06-21 18:46 . 2010-09-15 23:51 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-06-21 18:46 . 2010-11-01 03:54 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    - 2009-03-18 16:26 . 2010-09-15 23:51 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-03-18 16:26 . 2010-11-01 03:54 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2009-09-16 20:55 . 2010-11-01 03:54 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2009-09-16 20:55 . 2010-09-15 23:50 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2010-11-01 03:46 . 2010-06-24 12:22 1210368 c:\windows\ie8updates\KB2360131-IE8\urlmon.dll
    + 2010-11-01 03:46 . 2010-06-24 12:22 5951488 c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
    + 2010-11-01 03:46 . 2010-06-24 12:21 1986560 c:\windows\ie8updates\KB2360131-IE8\iertutil.dll
    + 2010-11-01 16:23 . 2010-11-01 16:23 1203712 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\7eb7c9925325af5ff8efe701816ce21b\System.WorkflowServices.ni.dll
    + 2010-11-01 16:23 . 2010-11-01 16:23 1956352 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\e6a8093075513417293fa9c0cb0d3f15\System.Workflow.Runtime.ni.dll
    + 2010-11-01 16:23 . 2010-11-01 16:23 2839552 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\d6754ff376c584b0b3f1a9ebff584d88\System.Workflow.Activities.ni.dll
    + 2010-11-01 03:57 . 2010-11-01 03:57 1864704 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\6e204cb5a071f46729950d05a3b2a156\System.Web.Services.ni.dll
    + 2010-11-01 16:22 . 2010-11-01 16:22 2324992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\6723ea07781fc48d355011d3abb84926\System.Web.Mobile.ni.dll
    + 2010-11-01 03:57 . 2010-11-01 03:57 3079168 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\43d80c564ad9e44d1e85f571660eeaef\System.Web.Extensions.ni.dll
    + 2010-11-01 03:57 . 2010-11-01 03:57 4429312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\bdd7213eb34d213d5ec4b5a15d090164\System.Web.DataVisualization.ni.dll
    + 2010-11-01 03:57 . 2010-11-01 03:57 1046528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\efc766cd735063418f2b3bb68aea5000\System.ServiceModel.Web.ni.dll
    + 2010-11-01 03:57 . 2010-11-01 03:57 2008576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\f9b19f1b5459ba4f1e168ea880c02ac2\System.Data.Services.ni.dll
    + 2010-11-01 03:57 . 2010-11-01 03:57 1398272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\a5771fc17441b1037cd89e35d041e4d8\System.Data.Entity.Design.ni.dll
    + 2010-11-01 03:56 . 2010-11-01 03:56 1135104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\721dabd848e05840e3b301898f06a639\Microsoft.VisualBasic.Compatibility.ni.dll
    + 2005-08-16 03:19 . 2010-08-25 23:36 10841088 c:\windows\system32\wmp.dll
    - 2005-08-16 03:19 . 2009-07-13 22:43 10841088 c:\windows\system32\wmp.dll
    + 2009-01-01 03:45 . 2010-11-01 03:39 35385288 c:\windows\system32\MRT.exe
    + 2009-03-08 03:39 . 2010-09-10 05:58 11080192 c:\windows\system32\ieframe.dll
    + 2009-07-13 22:43 . 2010-08-25 23:36 10841088 c:\windows\system32\dllcache\wmp.dll
    - 2009-07-13 22:43 . 2009-07-13 22:43 10841088 c:\windows\system32\dllcache\wmp.dll
    + 2007-05-10 00:28 . 2010-09-10 05:58 11080192 c:\windows\system32\dllcache\ieframe.dll
    + 2010-11-01 03:46 . 2010-06-24 16:51 11077120 c:\windows\ie8updates\KB2360131-IE8\ieframe.dll
    + 2010-11-01 03:56 . 2010-11-01 03:56 11917312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web\14142c920eb5f6ee161521d15f01c71b\System.Web.ni.dll
    + 2010-11-01 03:52 . 2010-11-01 03:52 10847744 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\02afab1644fc00dc886dbcc4aa0fef1b\System.Design.ni.dll
    .
    -- Snapshot reset to current date --
    .
     
  14. 2010/11/08
    Dari

    Dari Inactive Thread Starter

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3} "= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
    2010-10-29 20:27 3908192 ----a-w- c:\program files\Runescape\tbRun1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3} "= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A8864317-E18B-4292-99D9-E6E65AB905D3} "= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProxyFirewall "= "c:\program files\ProxyFirewall\ProxyFirewall.exe" [2006-03-26 431104]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 39408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^Shortcut to HiJackThis.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\Shortcut to HiJackThis.lnk
    backup=c:\windows\pss\Shortcut to HiJackThis.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^Shortcut to procexp.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\Shortcut to procexp.lnk
    backup=c:\windows\pss\Shortcut to procexp.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anon_proxy_server]
    2008-01-28 04:01 94208 ----a-w- c:\program files\Anon Proxy Server\htdocs\anon_proxy_server\pserver.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2009-10-04 19:01 323392 ----a-w- c:\program files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-01-12 09:54 669520 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    2005-06-01 17:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-15 12:46 135168 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-01-19 11:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-02-04 17:45 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-05-09 21:40 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
    2010-07-08 13:28 815704 ----a-w- c:\program files\TightVNC\tvnserver.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
    2007-02-07 22:43 254007 ----a-w- c:\program files\FarStone\VirtualDrive\vdtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
    2008-08-08 15:35 55856 ----a-w- c:\program files\VMware\VMware Workstation\hqtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
    2008-08-08 15:36 72240 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0B2B741A-121C-771A-6770-DE29AF5309C6}]
    c:\documents and settings\Kia\Application Data\Ihgudy\udceu.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service "=3 (0x3)
    "WMPNetworkSvc "=3 (0x3)
    "wampmysqld "=3 (0x3)
    "wampapache "=2 (0x2)
    "VMware NAT Service "=2 (0x2)
    "vmount2 "=2 (0x2)
    "VMnetDHCP "=2 (0x2)
    "VMAuthdService "=2 (0x2)
    "ufad-ws60 "=3 (0x3)
    "tvnserver "=2 (0x2)
    "SwitchBoard "=3 (0x3)
    "SmartFoxServer_BASIC_1.5 "=2 (0x2)
    "SmartFoxServerPRO__1.6 "=2 (0x2)
    "PnkBstrA "=2 (0x2)
    "Pml Driver HPZ12 "=2 (0x2)
    "ose "=3 (0x3)
    "odserv "=3 (0x3)
    "npggsvc "=3 (0x3)
    "NetSvc "=3 (0x3)
    "Microsoft Office Groove Audit Service "=3 (0x3)
    "JavaQuickStarterService "=2 (0x2)
    "idsvc "=3 (0x3)
    "IDriverT "=3 (0x3)
    "gusvc "=2 (0x2)
    "gupdate1c98bcf3de9e680 "=2 (0x2)
    "FMSHttpd "=3 (0x3)
    "FMSAdmin "=3 (0x3)
    "FMS "=3 (0x3)
    "FLEXnet Licensing Service "=3 (0x3)
    "EpsonBidirectionalService "=2 (0x2)
    "Bonjour Service "=2 (0x2)
    "avast! Web Scanner "=3 (0x3)
    "avast! Mail Scanner "=3 (0x3)
    "avast! Antivirus "=2 (0x2)
    "Apple Mobile Device "=2 (0x2)
    "AOL ACS "=2 (0x2)
    "anon_proxy_config "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\mIRC\\mirc.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\ijji\\Warrior Epic\\WEShell_TGI_ijji.exe "=
    "c:\\Program Files\\TightVNC\\tvnserver.exe "=
    "c:\\Program Files\\TightVNC\\vncviewer.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "157:TCP "= 157:TCP:WarriorEpic
    "157:UDP "= 157:UDP:WarriorEpic
    "163:TCP "= 163:TCP:WarriorEpic
    "163:UDP "= 163:UDP:WarriorEpic
    "231:TCP "= 231:TCP:WarriorEpic
    "231:UDP "= 231:UDP:WarriorEpic
    "990:TCP "= 990:TCP:WarriorEpic
    "990:UDP "= 990:UDP:WarriorEpic
    "911:TCP "= 911:TCP:WarriorEpic
    "911:UDP "= 911:UDP:WarriorEpic
    "494:TCP "= 494:TCP:WarriorEpic
    "494:UDP "= 494:UDP:WarriorEpic
    "292:TCP "= 292:TCP:WarriorEpic
    "292:UDP "= 292:UDP:WarriorEpic
    "844:TCP "= 844:TCP:WarriorEpic
    "844:UDP "= 844:UDP:WarriorEpic
    "365:TCP "= 365:TCP:WarriorEpic
    "365:UDP "= 365:UDP:WarriorEpic
    "947:TCP "= 947:TCP:WarriorEpic
    "947:UDP "= 947:UDP:WarriorEpic

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/11/2010 17:55 165584]
    S1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/12/2008 11:06 8944]
    S1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 11:05 55024]
    S2 anon_proxy_config;anon_proxy_config;c:\program files\Anon Proxy Server\bin\Apache.exe [09/01/2007 12:17 20539]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2010 17:55 17744]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 gupdate1c98bcf3de9e680;Google Update Service (gupdate1c98bcf3de9e680);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2009 22:30 133104]
    S2 SmartFoxServer_BASIC_1.5;SmartFoxServer BASIC 1.5; "c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe" -s "c:\program files\SmartFoxServerBASIC_1.5.5\Server\conf\wrapper.conf" --> c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe [?]
    S2 SmartFoxServerPRO__1.6;SmartFoxServer PRO 1.6;c:\program files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe [17/10/2006 22:22 204800]
    S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [08/07/2010 13:28 815704]
    S2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [08/01/2010 11:18 41025]
    S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\progra~1\Java\JDK16~1.0_1\bin\nsz19.tmp\TfFRegNt.sys --> c:\progra~1\Java\JDK16~1.0_1\bin\nsz19.tmp\TfFRegNt.sys [?]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
    S3 FMS;Flash Media Server (FMS);c:\program files\Adobe\Flash Media Server 3.5\FMSMaster.exe [03/04/2010 06:31 2428928]
    S3 FMSAdmin;Flash Media Administration Server;c:\program files\Adobe\Flash Media Server 3.5\FMSAdmin.exe [03/04/2010 06:31 2596864]
    S3 FMSHttpd;FMSHttpd;c:\program files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe [03/04/2010 06:31 24635]
    S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [21/08/2009 07:45 8576]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/09/2008 04:36 38224]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [30/06/2007 21:13 541696]
    S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 11:06 7408]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
    S3 XDva012;XDva012;\??\c:\windows\system32\XDva012.sys --> c:\windows\system32\XDva012.sys [?]
    S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]
    S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?]
    S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
    S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]
    S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
    S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [02/09/2009 03:07 85504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/03/2009 17:30 721904]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-DARIUS-Kia.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-20 02:44]

    2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

    2010-10-28 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]

    2010-11-08 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 22:17]

    2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 22:30]

    2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 22:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Get Flash by FlashKeeper - c:\program files\FlashKeeper\GetFlash.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{86301D40-94C1-4a5e-843B-7F43965E364A} - c:\program files\FlashKeeper\GetFlash.htm
    LSP: %SystemRoot%\system32\PrxerDrv.dll
    Trusted Zone: mymaths.co.uk\www
    FF - ProfilePath - c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D530E149-538A-9EB2-3DC7-BBC1A48C51BA}&q=
    FF - component: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
    FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ProxyFirewall = c:\program files\ProxyFirewall\ProxyFirewall.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32]
    @DACL=(02 0000)
    @= "c:\\WINDOWS\\system32\\geeda.dll "
    "ThreadingModel "= "Both "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(244)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    - - - - - - - > 'explorer.exe'(1032)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2010-11-08 17:46:53
    ComboFix-quarantined-files.txt 2010-11-08 17:46
    ComboFix2.txt 2010-11-02 17:43
    ComboFix3.txt 2010-10-31 22:46
    ComboFix4.txt 2010-10-28 17:20
    ComboFix5.txt 2010-11-06 23:18

    Pre-Run: 6,215,372,800 bytes free
    Post-Run: 6,191,783,936 bytes free

    Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - EF75A884135144865D58F3D7FCF87B91

    And the log from rkill.



    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Kia on 08/11/2010 at 17:14:47.


    Services Stopped:


    Processes terminated by Rkill or while it was running:


    C:\Documents and Settings\Kia\Desktop\rkill.com


    Rkill completed on 08/11/2010 at 17:14:51.
     
  15. 2010/11/08
    broni Moderator Malware Analyst

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\All Users\Application Data\AVG10
    c:\documents and settings\Kia\Application Data\Ihgudy
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0B2B741A-121C-771A-6770-DE29AF5309C6}]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  16. 2010/11/09
    Dari Inactive Thread Starter

    I was slightly confused about a couple of things: Should ComboFix still be renamed, or should I change it back to combofix.exe? Also, was I supposed to do this in safe or normal mode, or try both?

    I didn't rename it back to ComboFix; instead I ran it with CFScript as it was, and it froze on the scanning bit, not even having completed stage_1 for about 10 hours, so I turned off the computer.

    I renamed it ComboFix and it ran fine with CFScript. Here's the log.

    ComboFix 10-11-07.A2 - Kia 09/11/2010 9:40.11.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2483 [GMT 0:00]
    Running from: c:\documents and settings\Kia\Desktop\Combofix.exe
    Command switches used :: c:\documents and settings\Kia\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\AVG10
    c:\documents and settings\All Users\Application Data\AVG10\Cfg\krnl.cfg
    c:\documents and settings\All Users\Application Data\AVG10\log\avgcfg.log
    c:\documents and settings\All Users\Application Data\AVG10\log\avgcfg.log.lock
    c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log
    c:\documents and settings\All Users\Application Data\AVG10\log\avgcore.log.lock
    c:\documents and settings\All Users\Application Data\AVG10\log\avgldr.log
    c:\documents and settings\All Users\Application Data\AVG10\log\avgldr.log.lock
    c:\documents and settings\All Users\Application Data\AVG10\log\avglng.log
    c:\documents and settings\All Users\Application Data\AVG10\log\avglng.log.lock
    c:\documents and settings\All Users\Application Data\AVG10\log\avgui.log
    c:\documents and settings\All Users\Application Data\AVG10\log\avgui.log.lock

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
    .

    2010-11-08 17:16 . 2010-11-08 17:46 -------- d-----w- C:\Kia
    2010-11-03 17:55 . 2010-09-07 15:52 165584 ------w- c:\windows\system32\drivers\aswSP.sys
    2010-11-03 17:55 . 2010-09-07 15:47 17744 ------w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-11-03 17:55 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-11-03 17:55 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-11-03 17:55 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-11-03 17:55 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-11-03 17:55 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-11-01 03:44 . 2010-11-01 03:44 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-10-31 20:08 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-31 20:08 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-31 20:08 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-31 20:08 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-30 20:22 . 2010-09-07 16:11 167592 ------w- c:\windows\system32\aswBoot.exe
    2010-10-30 20:21 . 2010-10-30 20:21 -------- d-----w- c:\program files\Alwil Software
    2010-10-30 20:21 . 2010-10-30 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-30 17:08 . 2010-10-30 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-30 15:21 . 2010-10-30 15:26 -------- d-----w- c:\program files\Support Tools
    2010-10-29 21:51 . 2010-10-29 21:51 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
    2010-10-29 21:49 . 2010-10-29 21:50 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-10-29 21:48 . 2010-10-29 21:48 -------- d-----w- c:\program files\Application Verifier
    2010-10-29 20:37 . 2010-10-29 20:37 -------- d-----w- c:\program files\ESET
    2010-10-28 11:29 . 2010-10-28 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-28 11:29 . 2010-10-28 11:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-28 09:57 . 2010-10-28 09:57 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Conduit
    2010-10-28 09:56 . 2010-10-28 10:08 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Runescape
    2010-10-28 04:57 . 2010-10-28 04:57 -------- d-----w- c:\program files\CleanUp!
    2010-10-28 04:39 . 2010-10-28 04:39 -------- d-sh--w- c:\documents and settings\Pareesa\IETldCache
    2010-10-28 04:18 . 2010-10-28 04:23 -------- d-----w- c:\documents and settings\Karena\Application Data\Apple Computer
    2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\documents and settings\Karena\Local Settings\Application Data\Adobe
    2010-10-28 04:17 . 2010-10-28 04:17 -------- d-----w- c:\documents and settings\Karena\Application Data\Epson
    2010-10-28 04:12 . 2010-11-03 17:47 90112 ----a-w- c:\windows\DUMP566d.tmp
    2010-10-28 04:12 . 2010-11-01 16:28 90112 ----a-w- c:\windows\DUMP4a47.tmp
    2010-10-27 23:39 . 2010-10-27 23:39 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-26 17:00 . 2010-10-26 17:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
    2010-10-26 17:00 . 2010-10-26 17:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Runescape
    2010-10-26 16:33 . 2010-10-26 17:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-10-26 16:33 . 2010-10-26 16:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
    2010-10-26 16:33 . 2010-10-26 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson
    2010-10-26 15:46 . 2010-10-26 15:46 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
    2010-10-26 14:47 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Conduit
    2010-10-26 14:46 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Runescape
    2010-10-26 14:45 . 2010-10-26 14:48 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
    2010-10-26 14:45 . 2010-10-26 14:47 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
    2010-10-26 07:00 . 2010-10-27 23:23 -------- d-----w- c:\documents and settings\Kia\Local Settings\Application Data\{A8E5562A-795B-405E-8374-00CC98BDE371}
    2010-10-26 06:45 . 2010-10-26 06:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-10-21 22:15 . 2010-10-27 23:29 -------- d-s---w- c:\documents and settings\Dari
    2010-10-11 22:41 . 2010-10-11 22:41 -------- d-----w- c:\program files\iTeleport

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 10:41 . 2010-06-03 23:42 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-18 12:23 . 2005-08-16 03:18 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2005-08-16 03:18 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2005-08-16 03:18 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2005-08-16 03:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2005-08-16 03:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2005-08-16 03:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2005-08-16 03:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2005-08-16 03:18 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2005-08-16 03:18 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2005-08-16 03:18 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2005-08-16 03:18 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2006-04-12 16:02 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-24 13:28 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2005-08-16 03:18 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2005-08-16 03:18 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2005-08-16 03:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2008-06-30 12:44 . 2008-05-08 20:36 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2010-11-08_17.43.06 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-09 09:28 . 2010-11-09 09:28 16384 c:\windows\temp\Perflib_Perfdata_e88.dat
    + 2010-11-09 09:28 . 2010-11-09 09:28 16384 c:\windows\temp\Perflib_Perfdata_a30.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3} "= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
    2010-10-29 20:27 3908192 ----a-w- c:\program files\Runescape\tbRun1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{a8864317-e18b-4292-99d9-e6e65ab905d3} "= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A8864317-E18B-4292-99D9-E6E65AB905D3} "= "c:\program files\Runescape\tbRun1.dll" [2010-10-29 3908192]

    [HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ProxyFirewall "= "c:\program files\ProxyFirewall\ProxyFirewall.exe" [2006-03-26 431104]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 39408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^Shortcut to HiJackThis.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\Shortcut to HiJackThis.lnk
    backup=c:\windows\pss\Shortcut to HiJackThis.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Kia^Start Menu^Programs^Startup^Shortcut to procexp.lnk]
    path=c:\documents and settings\Kia\Start Menu\Programs\Startup\Shortcut to procexp.lnk
    backup=c:\windows\pss\Shortcut to procexp.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anon_proxy_server]
    2008-01-28 04:01 94208 ----a-w- c:\program files\Anon Proxy Server\htdocs\anon_proxy_server\pserver.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    2009-10-04 19:01 323392 ----a-w- c:\program files\DNA\btdna.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-01-12 09:54 669520 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    2005-06-01 17:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-02-15 12:46 135168 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 01:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2007-01-19 11:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-02-04 17:45 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2007-05-09 21:40 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
    2010-07-08 13:28 815704 ----a-w- c:\program files\TightVNC\tvnserver.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
    2007-02-07 22:43 254007 ----a-w- c:\program files\FarStone\VirtualDrive\vdtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
    2008-08-08 15:35 55856 ----a-w- c:\program files\VMware\VMware Workstation\hqtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
    2008-08-08 15:36 72240 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service "=3 (0x3)
    "WMPNetworkSvc "=3 (0x3)
    "wampmysqld "=3 (0x3)
    "wampapache "=2 (0x2)
    "VMware NAT Service "=2 (0x2)
    "vmount2 "=2 (0x2)
    "VMnetDHCP "=2 (0x2)
    "VMAuthdService "=2 (0x2)
    "ufad-ws60 "=3 (0x3)
    "tvnserver "=2 (0x2)
    "SwitchBoard "=3 (0x3)
    "SmartFoxServer_BASIC_1.5 "=2 (0x2)
    "SmartFoxServerPRO__1.6 "=2 (0x2)
    "PnkBstrA "=2 (0x2)
    "Pml Driver HPZ12 "=2 (0x2)
    "ose "=3 (0x3)
    "odserv "=3 (0x3)
    "npggsvc "=3 (0x3)
    "NetSvc "=3 (0x3)
    "Microsoft Office Groove Audit Service "=3 (0x3)
    "JavaQuickStarterService "=2 (0x2)
    "idsvc "=3 (0x3)
    "IDriverT "=3 (0x3)
    "gusvc "=2 (0x2)
    "gupdate1c98bcf3de9e680 "=2 (0x2)
    "FMSHttpd "=3 (0x3)
    "FMSAdmin "=3 (0x3)
    "FMS "=3 (0x3)
    "FLEXnet Licensing Service "=3 (0x3)
    "EpsonBidirectionalService "=2 (0x2)
    "Bonjour Service "=2 (0x2)
    "avast! Web Scanner "=3 (0x3)
    "avast! Mail Scanner "=3 (0x3)
    "avast! Antivirus "=2 (0x2)
    "Apple Mobile Device "=2 (0x2)
    "AOL ACS "=2 (0x2)
    "anon_proxy_config "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\mIRC\\mirc.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe "=
    "c:\\Program Files\\Opera\\opera.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\Steam\\Steam.exe "=
    "c:\\ijji\\Warrior Epic\\WEShell_TGI_ijji.exe "=
    "c:\\Program Files\\TightVNC\\tvnserver.exe "=
    "c:\\Program Files\\TightVNC\\vncviewer.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009
    "157:TCP "= 157:TCP:WarriorEpic
    "157:UDP "= 157:UDP:WarriorEpic
    "163:TCP "= 163:TCP:WarriorEpic
    "163:UDP "= 163:UDP:WarriorEpic
    "231:TCP "= 231:TCP:WarriorEpic
    "231:UDP "= 231:UDP:WarriorEpic
    "990:TCP "= 990:TCP:WarriorEpic
    "990:UDP "= 990:UDP:WarriorEpic
    "911:TCP "= 911:TCP:WarriorEpic
    "911:UDP "= 911:UDP:WarriorEpic
    "494:TCP "= 494:TCP:WarriorEpic
    "494:UDP "= 494:UDP:WarriorEpic
    "292:TCP "= 292:TCP:WarriorEpic
    "292:UDP "= 292:UDP:WarriorEpic
    "844:TCP "= 844:TCP:WarriorEpic
    "844:UDP "= 844:UDP:WarriorEpic
    "365:TCP "= 365:TCP:WarriorEpic
    "365:UDP "= 365:UDP:WarriorEpic
    "947:TCP "= 947:TCP:WarriorEpic
    "947:UDP "= 947:UDP:WarriorEpic

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/11/2010 17:55 165584]
    R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/12/2008 11:06 8944]
    R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 11:05 55024]
    R2 anon_proxy_config;anon_proxy_config;c:\program files\Anon Proxy Server\bin\Apache.exe [09/01/2007 12:17 20539]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2010 17:55 17744]
    R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [08/07/2010 13:28 815704]
    R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [08/01/2010 11:18 41025]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
    S2 gupdate1c98bcf3de9e680;Google Update Service (gupdate1c98bcf3de9e680);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2009 22:30 133104]
    S2 SmartFoxServer_BASIC_1.5;SmartFoxServer BASIC 1.5; "c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe" -s "c:\program files\SmartFoxServerBASIC_1.5.5\Server\conf\wrapper.conf" --> c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe [?]
    S2 SmartFoxServerPRO__1.6;SmartFoxServer PRO 1.6;c:\program files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe [17/10/2006 22:22 204800]
    S3 AhnRptTfFRegFNT;AhnRptTfFRegFNT;\??\c:\progra~1\Java\JDK16~1.0_1\bin\nsz19.tmp\TfFRegNt.sys --> c:\progra~1\Java\JDK16~1.0_1\bin\nsz19.tmp\TfFRegNt.sys [?]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
    S3 FMS;Flash Media Server (FMS);c:\program files\Adobe\Flash Media Server 3.5\FMSMaster.exe [03/04/2010 06:31 2428928]
    S3 FMSAdmin;Flash Media Administration Server;c:\program files\Adobe\Flash Media Server 3.5\FMSAdmin.exe [03/04/2010 06:31 2596864]
    S3 FMSHttpd;FMSHttpd;c:\program files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe [03/04/2010 06:31 24635]
    S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [21/08/2009 07:45 8576]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/09/2008 04:36 38224]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [30/06/2007 21:13 541696]
    S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 11:06 7408]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
    S3 XDva012;XDva012;\??\c:\windows\system32\XDva012.sys --> c:\windows\system32\XDva012.sys [?]
    S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]
    S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?]
    S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
    S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]
    S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
    S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
    S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [02/09/2009 03:07 85504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/03/2009 17:30 721904]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-DARIUS-Kia.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-06-20 02:44]

    2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

    2010-11-08 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 15:03]

    2010-11-09 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 22:17]

    2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 22:30]

    2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 22:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Get Flash by FlashKeeper - c:\program files\FlashKeeper\GetFlash.htm
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: {{86301D40-94C1-4a5e-843B-7F43965E364A} - c:\program files\FlashKeeper\GetFlash.htm
    LSP: %SystemRoot%\system32\PrxerDrv.dll
    Trusted Zone: mymaths.co.uk\www
    FF - ProfilePath - c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D530E149-538A-9EB2-3DC7-BBC1A48C51BA}&q=
    FF - component: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
    FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-09 10:05
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ProxyFirewall = c:\program files\ProxyFirewall\ProxyFirewall.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32]
    @DACL=(02 0000)
    @= "c:\\WINDOWS\\system32\\geeda.dll "
    "ThreadingModel "= "Both "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1052)
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2010-11-09 10:09:53
    ComboFix-quarantined-files.txt 2010-11-09 10:09
    ComboFix2.txt 2010-11-08 17:46
    ComboFix3.txt 2010-11-02 17:43
    ComboFix4.txt 2010-10-31 22:46
    ComboFix5.txt 2010-11-08 23:48

    Pre-Run: 2,921,107,456 bytes free
    Post-Run: 2,897,207,296 bytes free

    Current=5 Default=5 Failed=3 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - 5451CAD80BBAD133ED12C12B8BD9F90D
     
    Last edited: 2010/11/09
  17. 2010/11/09
    broni Moderator Malware Analyst

    It looks good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2010/11/09
    Dari Inactive Thread Starter

    The computer is quite a lot better, no Google redirects, and Chrome is working again, though it still blue screens when you use it for a period of time, but maybe it blue screens less often.


    OTL logfile created on: 09/11/2010 19:49:57 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kia\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
    6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.34 Gb Total Space | 1.08 Gb Free Space | 0.75% Space Free | Partition Type: NTFS

    Computer Name: DARIUS | User Name: Kia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/05 21:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kia\Desktop\OTL.exe
    PRC - [2010/10/27 23:47:30 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/07/08 13:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
    PRC - [2009/02/04 17:45:09 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2008/08/08 15:36:22 | 000,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2008/08/08 15:35:46 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
    PRC - [2008/08/08 15:34:50 | 000,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/18 00:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) -- c:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
    PRC - [2008/01/18 00:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
    PRC - [2007/08/09 07:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/03/23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    PRC - [2007/01/09 12:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Anon Proxy Server\bin\Apache.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
    PRC - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2005/11/14 02:40:00 | 005,230,080 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/05 21:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kia\Desktop\OTL.exe
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe -- (WUSB54GSv2SVC)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe -- (SmartFoxServer_BASIC_1.5)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe -- (Panda Software Controller)
    SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/07/08 13:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
    SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/06 22:58:00 | 003,443,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/06/26 08:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
    SRV - [2009/02/04 14:15:40 | 002,428,928 | R--- | M] (Adobe Systems Incorporated.) [On_Demand | Stopped] -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSMaster.exe -- (FMS) Flash Media Server (FMS)
    SRV - [2009/02/04 14:00:12 | 002,596,864 | R--- | M] (Adobe Systems Incorporated.) [On_Demand | Stopped] -- C:\Program Files\Adobe\Flash Media Server 3.5\FMSAdmin.exe -- (FMSAdmin)
    SRV - [2009/02/04 13:42:58 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe -- (FMSHttpd)
    SRV - [2008/12/28 16:40:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/08/08 15:36:22 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2008/08/08 15:35:46 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2008/08/08 15:34:50 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2008/04/17 18:13:44 | 005,750,784 | ---- | M] () [On_Demand | Stopped] -- c:\Wampp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld)
    SRV - [2008/01/18 00:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache)
    SRV - [2007/11/30 16:23:02 | 000,186,928 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2007/08/09 07:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/03/23 09:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
    SRV - [2007/01/09 12:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Anon Proxy Server\bin\Apache.exe -- (anon_proxy_config)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
    SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2006/10/17 22:22:50 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe -- (SmartFoxServerPRO__1.6)
    SRV - [2005/09/29 03:02:26 | 000,491,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
    SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Java\JDK16~1.0_1\bin\Rar$EX06.235\Zenos Engine\Zenos Engine\zenos.sys -- (zenos1)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva337.sys -- (XDva337)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva039.sys -- (XDva039)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva025.sys -- (XDva025)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva020.sys -- (XDva020)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva014.sys -- (XDva014)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva013.sys -- (XDva013)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva012.sys -- (XDva012)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Java\JDK16~1.0_1\bin\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Java\JDK16~1.0_1\bin\nsz19.tmp\TfFRegNt.sys -- (AhnRptTfFRegFNT)
    DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/04/29 14:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/07/05 03:16:19 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/12/22 11:06:02 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (sasenum)
    DRV - [2008/12/22 11:06:00 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (sasdifsv)
    DRV - [2008/12/22 11:05:58 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (saskutil)
    DRV - [2008/08/08 15:36:38 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2008/08/08 15:36:36 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2008/08/08 15:36:34 | 000,025,264 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2008/08/08 15:36:32 | 000,926,000 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2008/08/08 15:32:58 | 000,030,768 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
    DRV - [2008/08/08 15:32:58 | 000,028,592 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2008/08/08 15:32:58 | 000,016,816 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2008/07/07 07:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2008/05/08 14:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2008/04/13 18:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 18:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
    DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/11/30 16:22:16 | 000,019,248 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2007/03/23 09:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
    DRV - [2007/01/26 17:20:18 | 000,081,944 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fvxscsi.sys -- (FVXSCSI)
    DRV - [2006/11/09 21:55:16 | 000,017,840 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
    DRV - [2006/02/23 21:03:42 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KProcWatch.sys -- (KProcWatch)
    DRV - [2005/11/16 20:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/08/30 00:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
    DRV - [2005/08/30 00:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
    DRV - [2005/08/30 00:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
    DRV - [2005/04/16 15:10:08 | 000,541,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\phc700.sys -- (phc700) USB PC Camera (phc700)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
    DRV - [2003/01/10 21:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\tbRun1.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search "
    FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search "
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= "
    FF - prefs.js..browser.search.order.1: "Fast Browser Search "
    FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.24
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.6
    FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:1.3.2
    FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
    FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
    FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.1
    FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21
    FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D530E149-538A-9EB2-3DC7-BBC1A48C51BA}&q= "
    FF - prefs.js..network.proxy.http: "72.37.213.104 "
    FF - prefs.js..network.proxy.http_port: 8089
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1 "
    FF - prefs.js..network.proxy.socks_remote_dns: true


    FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/06/20 12:07:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/09 09:43:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/09 09:45:56 | 000,000,000 | ---D | M]

    [2008/05/25 16:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Mozilla\Extensions
    [2010/11/09 11:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions
    [2010/05/16 03:48:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/29 20:03:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/02/27 18:04:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/08/23 06:24:07 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
    [2010/02/27 18:04:39 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
    [2009/12/20 15:03:25 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
    [2010/08/29 20:03:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/09/14 19:49:13 | 000,000,000 | ---D | M] (SpyroForum Toolbar) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{d20c9f59-374d-4490-8cb2-27f7a20b13d6}
    [2010/06/23 01:16:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/05/16 03:49:28 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
    [2010/05/16 03:49:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/08/23 06:24:31 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    [2010/03/23 17:36:40 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
    [2010/08/29 20:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\autopager@mozilla.org
    [2010/05/16 03:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\firebug@software.joehewitt.com
    [2009/01/25 04:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\iaplayer@instantaction.com
    [2009/09/20 17:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\searchrecs@veoh.com
    [2010/05/15 00:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\textlinks@playsushi.com
    [2009/12/20 14:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\toolbar@shopathome.com
    [2009/02/06 11:44:16 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\searchplugins\conduit.xml
    [2009/12/20 15:03:40 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\searchplugins\fast-browser-search.xml
    [2009/08/24 03:04:56 | 000,002,373 | ---- | M] () -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\searchplugins\Search Solver.xml
    [2010/11/09 11:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/04/28 21:34:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/08/29 20:41:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
    [2010/03/25 20:54:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2008/06/30 12:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
    [2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
    [2009/07/02 23:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    [2009/08/17 06:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    [2007/11/15 12:15:00 | 000,102,400 | ---- | M] (Solid State Networks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npssn.dll
    [2010/08/10 03:38:14 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/08/10 03:38:14 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/08/10 03:38:14 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/08/10 03:38:14 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/11/09 10:04:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\tbRun1.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (RuneScape Toolbar) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\tbRun1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (BigSeekPro Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (RuneScape Toolbar) - {A8864317-E18B-4292-99D9-E6E65AB905D3} - C:\Program Files\Runescape\tbRun1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [ProxyFirewall] C:\Program Files\ProxyFirewall\ProxyFirewall.exe (Unique Internet Services)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Program Files\FlashKeeper\GetFlash.htm ()
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra Button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Program Files\FlashKeeper\GetFlash.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
    O15 - HKCU\..Trusted Domains: mymaths.co.uk ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Kia\My Documents\My Pictures\e-on software\Vue 7 xStream\job001.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kia\My Documents\My Pictures\e-on software\Vue 7 xStream\job001.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
    Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/09 19:49:23 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kia\Desktop\OTL.exe
    [2010/11/08 17:46:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/11/08 17:16:31 | 000,000,000 | ---D | C] -- C:\Kia
    [2010/11/03 17:55:23 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/11/03 17:55:23 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/11/03 17:55:21 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/11/03 17:55:19 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/11/03 17:55:17 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/11/03 17:55:17 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/11/03 17:55:16 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/11/03 16:49:25 | 000,052,224 | ---- | C] (NirSoft) -- C:\Documents and Settings\Kia\Desktop\BlueScreenView.exe
    [2010/11/01 18:02:39 | 000,546,224 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Kia\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
    [2010/10/31 19:58:29 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kia\Desktop\TDSSKiller.exe
    [2010/10/30 20:22:20 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/10/30 20:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/10/30 20:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/10/30 17:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/10/30 15:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/10/30 15:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
    [2010/10/29 21:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit
    [2010/10/29 21:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
    [2010/10/29 21:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
    [2010/10/29 20:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/10/28 11:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/10/28 11:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/10/28 04:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
    [2010/10/27 23:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/10/26 18:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kia\Desktop\Animal Crossing Editing Pack
    [2010/10/26 14:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/10/26 07:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kia\Local Settings\Application Data\{A8E5562A-795B-405E-8374-00CC98BDE371}
    [2010/10/26 04:31:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kia\My Documents\src
    [2010/10/11 22:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTeleport
    [2009/08/22 13:06:12 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
    [2007/06/30 21:13:28 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\cphc700.dll
    [2006/04/12 16:03:36 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
    [2006/04/12 16:03:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
    [2006/04/12 16:03:36 | 000,770,048 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
    [2006/04/12 16:03:36 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
    [2006/04/12 16:03:36 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
    [2006/04/12 16:03:36 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
    [2006/04/12 16:03:36 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
    [2006/04/12 16:03:36 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
    [2006/04/12 16:03:36 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Kia\My Documents\*.tmp files -> C:\Documents and Settings\Kia\My Documents\*.tmp -> ]
    [12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  19. 2010/11/09
    Dari

    Dari Inactive Thread Starter

    ========== Files - Modified Within 30 Days ==========

    [2010/11/09 19:53:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/09 19:43:05 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/11/09 19:42:01 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/09 19:41:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/09 19:41:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/09 19:41:03 | 3210,891,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/09 10:04:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/08 23:46:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
    [2010/11/08 16:37:28 | 003,906,043 | R--- | M] () -- C:\Documents and Settings\Kia\Desktop\Combofix.exe
    [2010/11/08 16:35:16 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\rkill.com
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/06 23:07:39 | 000,000,279 | -HS- | M] () -- C:\boot.ini
    [2010/11/06 22:55:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/11/06 22:55:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/11/06 19:43:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/11/06 19:43:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/11/06 14:03:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/11/06 14:03:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/11/06 14:03:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/11/06 14:03:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/11/05 21:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kia\Desktop\OTL.exe
    [2010/11/05 17:34:24 | 000,287,041 | ---- | M] () -- C:\Documents and Settings\Kia\My Documents\gmer.zip
    [2010/11/03 17:55:18 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/11/01 16:18:19 | 003,822,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/01 16:14:44 | 000,546,224 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Kia\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
    [2010/11/01 03:55:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/11/01 03:52:06 | 000,520,422 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/01 03:52:06 | 000,093,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/31 20:13:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/10/31 20:13:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/10/31 07:26:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/10/31 02:00:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DARIUS-Kia.job
    [2010/10/30 21:19:26 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\setup_av_free.exe
    [2010/10/30 20:17:22 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\MBRCheck.exe
    [2010/10/30 20:16:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/10/30 20:16:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/10/30 19:58:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/10/30 19:58:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/10/30 18:27:25 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2010/10/30 17:22:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/10/30 17:22:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/10/30 17:03:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/10/30 17:03:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/10/30 15:48:57 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Kia\jagex_runescape_preferences.dat
    [2010/10/30 15:48:55 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Kia\jagex_runescape_preferences2.dat
    [2010/10/30 14:45:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/10/30 14:45:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/10/30 14:38:59 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\dds.scr
    [2010/10/30 14:19:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/10/30 14:19:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/10/29 21:26:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/10/29 21:26:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/10/27 22:56:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ihifimenipavurog.dat
    [2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kia\Desktop\TDSSKiller.exe
    [2010/10/19 12:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/17 22:59:11 | 000,012,359 | ---- | M] () -- C:\Documents and Settings\Kia\My Documents\Bonjour Pierre.docx
    [2010/10/17 22:59:11 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kia\My Documents\~$njour Pierre.docx
    [2010/10/10 22:26:11 | 000,012,313 | ---- | M] () -- C:\Documents and Settings\Kia\My Documents\Characteristics of God.docx
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\Kia\My Documents\*.tmp files -> C:\Documents and Settings\Kia\My Documents\*.tmp -> ]
    [12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/08 23:30:58 | 3210,891,264 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/08 16:36:42 | 003,906,043 | R--- | C] () -- C:\Documents and Settings\Kia\Desktop\Combofix.exe
    [2010/11/08 16:35:20 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Kia\Desktop\rkill.com
    [2010/11/06 22:55:18 | 000,000,268 | -H-- | C] () -- C:\sqmdata11.sqm
    [2010/11/06 22:55:18 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
    [2010/11/06 19:43:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata10.sqm
    [2010/11/06 19:43:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
    [2010/11/06 14:03:57 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
    [2010/11/06 14:03:57 | 000,000,232 | -H-- | C] () -- C:\sqmdata09.sqm
    [2010/11/06 14:03:55 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
    [2010/11/06 14:03:55 | 000,000,232 | -H-- | C] () -- C:\sqmdata08.sqm
    [2010/11/05 17:34:26 | 000,287,041 | ---- | C] () -- C:\Documents and Settings\Kia\My Documents\gmer.zip
    [2010/11/03 17:53:25 | 051,515,288 | ---- | C] () -- C:\Documents and Settings\Kia\Desktop\setup_av_free.exe
    [2010/10/31 20:13:16 | 000,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
    [2010/10/31 20:13:16 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
    [2010/10/30 20:29:36 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Kia\Desktop\MBRCheck.exe
    [2010/10/30 20:16:18 | 000,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
    [2010/10/30 20:16:18 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
    [2010/10/30 19:58:34 | 000,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
    [2010/10/30 19:58:34 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
    [2010/10/30 18:27:25 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
    [2010/10/30 17:22:25 | 000,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
    [2010/10/30 17:22:25 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
    [2010/10/30 17:03:11 | 000,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
    [2010/10/30 17:03:11 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
    [2010/10/30 14:45:55 | 000,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
    [2010/10/30 14:45:55 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
    [2010/10/30 14:39:00 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Kia\Desktop\dds.scr
    [2010/10/30 14:19:31 | 000,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
    [2010/10/30 14:19:31 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
    [2010/10/29 21:26:41 | 000,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
    [2010/10/29 21:26:41 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
    [2010/10/28 14:51:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/28 14:51:52 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/26 07:00:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ihifimenipavurog.dat
    [2010/10/26 06:55:37 | 000,038,383 | ---- | C] () -- C:\Documents and Settings\Kia\Adobe CS5 Cleaner Tool.log
    [2010/10/17 22:59:11 | 000,012,359 | ---- | C] () -- C:\Documents and Settings\Kia\My Documents\Bonjour Pierre.docx
    [2010/10/17 22:59:11 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kia\My Documents\~$njour Pierre.docx
    [2010/10/10 21:29:00 | 000,012,313 | ---- | C] () -- C:\Documents and Settings\Kia\My Documents\Characteristics of God.docx
    [2010/08/29 21:00:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\GScript.INI
    [2010/07/09 19:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/06/23 23:03:46 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Kia\Application Data\Adobe PNG Format CS5 Prefs
    [2010/06/23 22:54:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Kia\Application Data\Adobe BMP Format CS5 Prefs
    [2010/06/11 16:53:04 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/06/11 16:53:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/04/14 19:58:51 | 000,000,125 | ---- | C] () -- C:\WINDOWS\FlashDecompiler.INI
    [2010/03/24 11:55:18 | 000,129,536 | ---- | C] () -- C:\WINDOWS\inout2.dll
    [2010/03/24 11:07:21 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
    [2010/03/06 00:39:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010/02/08 06:33:04 | 000,359,320 | ---- | C] () -- C:\WINDOWS\System32\vfprintpthelper.dll
    [2010/01/30 23:08:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2010/01/23 23:28:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2010/01/08 11:18:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2010/01/08 11:17:58 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2010/01/08 11:17:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2010/01/08 10:44:02 | 000,001,413 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2009/12/24 15:12:55 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Kia\Application Data\Current.prx
    [2009/12/19 19:19:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\Sx5363.ini
    [2009/12/07 00:31:24 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Kia\Application Data\PnkBstrK.sys
    [2009/09/29 22:10:18 | 000,000,574 | ---- | C] () -- C:\Program Files\Shortcut to mirc.exe.lnk
    [2009/09/10 02:08:21 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/08/21 07:45:18 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\KProcWatch.sys
    [2009/07/05 16:04:53 | 000,000,327 | ---- | C] () -- C:\WINDOWS\DVDCreator.INI
    [2009/04/03 13:57:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
    [2009/03/03 16:50:46 | 000,000,114 | ---- | C] () -- C:\WINDOWS\custvoic.ini
    [2008/12/30 23:57:41 | 000,000,058 | ---- | C] () -- C:\WINDOWS\FILEVIEW.INI
    [2008/12/23 19:48:33 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2008/12/22 01:44:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
    [2008/11/17 18:09:48 | 000,000,109 | ---- | C] () -- C:\WINDOWS\GMouse.ini
    [2008/11/15 17:35:27 | 000,000,125 | ---- | C] () -- C:\WINDOWS\fd3.INI
    [2008/10/26 14:01:44 | 000,000,560 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
    [2008/05/25 16:26:13 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
    [2008/03/21 10:57:43 | 000,002,033 | ---- | C] () -- C:\WINDOWS\System32\wikrvlqf.dll
    [2008/03/18 17:22:08 | 000,138,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/02/11 08:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
    [2008/02/11 08:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
    [2008/02/08 12:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
    [2007/08/28 17:25:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/07/27 13:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
    [2007/07/27 13:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
    [2007/07/14 11:25:10 | 000,000,085 | ---- | C] () -- C:\WINDOWS\EmperorEdit.INI
    [2007/06/30 21:13:29 | 000,541,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\phc700.sys
    [2007/06/30 21:13:29 | 000,015,488 | ---- | C] () -- C:\WINDOWS\phc700.ini
    [2007/06/28 16:26:09 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2007/06/28 16:23:31 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
    [2007/06/28 16:20:00 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2007/06/28 16:19:40 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
    [2007/06/28 16:18:32 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2007/06/26 21:11:56 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2007/06/26 21:06:06 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/05/25 17:28:37 | 000,001,199 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/03/17 20:07:53 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [2006/12/22 22:37:41 | 000,000,106 | ---- | C] () -- C:\Program Files\piconfig.lx
    [2006/12/09 04:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2006/10/22 11:10:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2006/10/07 17:08:27 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
    [2006/10/02 20:20:54 | 000,000,885 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/09/28 17:58:10 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Kia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/09/18 13:20:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll
    [2006/09/18 13:20:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll
    [2006/09/18 13:20:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll
    [2006/08/07 17:03:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll
    [2006/06/16 21:51:43 | 000,000,701 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2006/06/15 15:45:47 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\AD0E102659.sys
    [2006/05/18 18:44:16 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/05/06 13:55:53 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Kia\Local Settings\Application Data\fusioncache.dat
    [2006/04/12 16:30:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/04/12 16:03:36 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
    [2006/04/12 16:03:36 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
    [2006/04/12 16:03:36 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
    [2006/04/12 16:03:36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
    [2006/04/12 16:03:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
    [2006/04/12 16:03:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
    [2006/04/12 16:03:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
    [2006/04/12 16:03:36 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
    [2006/04/12 16:03:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
    [2006/04/12 16:03:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
    [2006/04/12 16:03:04 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/12/05 18:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
    [2005/12/05 11:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
    [2005/10/27 14:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/31 11:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
    [2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/10/07 12:50:50 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\zlibmax.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/06/01 17:57:22 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\swfmaxps.dll
    [1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
    [1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
    [1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

    ========== LOP Check ==========

    [2009/12/06 20:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AA2DeployClient
    [2010/10/30 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/12/17 17:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
    [2009/11/07 11:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AnyCapture
    [2007/06/02 15:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
    [2009/03/15 17:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2005/08/16 19:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2010/01/24 00:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2008/08/27 09:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2009/08/20 10:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
    [2010/10/30 17:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/09/02 03:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2010/06/20 12:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2006/07/15 00:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2010/09/05 10:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2008/03/24 01:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftKit
    [2010/09/08 16:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SwiftSwitch
    [2010/05/19 17:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/23 23:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2006/04/12 16:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/10/09 09:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/10/27 23:37:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\BitTorrent
    [2010/06/22 01:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/11/21 01:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\com.adobe.ExMan
    [2009/08/10 02:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
    [2009/03/15 17:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\DAEMON Tools Pro
    [2010/10/30 20:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\DNA
    [2009/03/25 18:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\e-on software
    [2010/08/03 18:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\ECSoftware
    [2010/01/25 19:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Epson
    [2009/07/05 02:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\FarStone
    [2009/08/14 23:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\FOG Downloader
    [2009/12/21 13:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\FunkyEmoticons
    [2010/08/01 22:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\GameTuts
    [2009/01/25 04:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\GarageGames
    [2009/03/17 22:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\GetRightToGo
    [2008/08/27 23:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\gtk-2.0
    [2010/10/30 15:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Igoc
    [2009/08/19 18:45:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kia\Application Data\ijjigame
    [2009/06/26 22:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\ImgBurn
    [2009/12/06 19:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\IMVU
    [2009/07/05 02:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\J. A. Associates
    [2008/12/06 15:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\NetMedia Providers
    [2009/08/10 03:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\NPLUTO Corporation
    [2008/08/30 19:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Opera
    [2010/06/20 01:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\orpui
    [2009/08/20 18:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\PE Explorer
    [2010/09/05 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Publish Providers
    [2009/11/14 17:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Raptr
    [2009/08/20 18:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Resource Tuner Console
    [2010/09/05 10:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Sony
    [2009/03/29 16:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\SWF.max
    [2008/08/30 14:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Template
    [2010/03/24 10:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Tibia
    [2009/01/02 19:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\Turbine
    [2009/12/17 15:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kia\Application Data\yoclient
    [2010/11/08 23:46:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/06 23:07:39 | 000,000,279 | -HS- | M] () -- C:\boot.ini
    [2010/11/09 10:09:54 | 000,030,104 | ---- | M] () -- C:\ComboFix.txt
    [2006/04/12 16:05:28 | 000,004,882 | RH-- | M] () -- C:\dell.sdr
    [2010/11/07 03:56:41 | 000,002,349 | ---- | M] () -- C:\dlcf.log
    [2010/11/09 19:41:03 | 3210,891,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/30 18:27:25 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2009/04/14 15:49:58 | 000,000,139 | ---- | M] () -- C:\ioSpecial.ini
    [2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2002/01/05 02:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
    [2004/08/10 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/01/10 18:17:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/09 19:41:00 | 3210,817,536 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/08 17:14:51 | 000,000,388 | ---- | M] () -- C:\rkill.log
    [2010/10/29 21:26:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/10/30 14:19:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/10/30 14:45:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/10/30 17:03:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/10/30 17:22:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/10/30 19:58:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/10/30 20:16:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/10/31 20:13:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/11/06 14:03:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2010/11/06 14:03:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/11/06 19:43:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/11/06 22:55:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/10/29 21:26:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/10/30 14:19:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/10/30 14:45:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/10/30 17:03:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/10/30 17:22:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/10/30 19:58:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/10/30 20:16:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/10/31 20:13:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/11/06 14:03:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2010/11/06 14:03:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/11/06 19:43:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/11/06 22:55:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/11/04 16:16:28 | 000,053,626 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_04.11.2010_16.15.56_log.txt
    [2010/10/31 19:59:26 | 000,053,380 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_31.10.2010_19.58.47_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2005/05/11 22:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2009/02/01 18:05:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/09/29 17:28:54 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcfPP5C.DLL
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/05/05 07:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2006/09/28 18:00:31 | 000,001,770 | -H-- | M] () -- C:\Documents and Settings\Kia\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2007/01/22 16:55:10 | 000,000,106 | ---- | M] () -- C:\Program Files\piconfig.lx
    [2008/10/27 12:18:19 | 000,000,574 | ---- | M] () -- C:\Program Files\Shortcut to mirc.exe.lnk

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 03:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 03:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 03:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/01/10 18:27:01 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/02/01 18:06:00 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Kia\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/12/31 06:01:07 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Kia\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2009/02/01 18:10:40 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Kia\Desktop\ATF-Cleaner.exe
    [2010/08/15 19:11:28 | 000,052,224 | ---- | M] (NirSoft) -- C:\Documents and Settings\Kia\Desktop\BlueScreenView.exe
    [2010/11/08 16:37:28 | 003,906,043 | R--- | M] () -- C:\Documents and Settings\Kia\Desktop\Combofix.exe
    [2007/02/12 18:38:37 | 000,223,368 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\CrucialUKScan.exe
    [2009/03/15 17:28:14 | 011,651,528 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Kia\Desktop\DTPro4300304.exe
    [2008/09/26 23:28:17 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kia\Desktop\HiJackThis.exe
    [2009/09/19 07:09:54 | 000,172,032 | ---- | M] (PKEDPKER) -- C:\Documents and Settings\Kia\Desktop\KBHv2.0.14.exe
    [2010/10/30 20:17:22 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\MBRCheck.exe
    [2008/12/29 23:56:34 | 001,570,160 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kia\Desktop\MGADiag.exe
    [2010/11/05 21:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kia\Desktop\OTL.exe
    [2009/12/21 16:46:04 | 003,631,230 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\Patch Blocker.exe
    [2008/09/26 21:34:23 | 003,520,552 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Kia\Desktop\procexp.exe
    [2010/10/30 21:19:26 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\setup_av_free.exe
    [2009/01/07 21:04:42 | 005,774,368 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\SUPERAntiSpywarePro.exe
    [2008/06/06 07:59:40 | 003,279,722 | ---- | M] () -- C:\Documents and Settings\Kia\Desktop\SwiftKit(Install).exe
    [2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kia\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2004/02/27 16:36:18 | 000,013,023 | ---- | M] () -- C:\WINDOWS\phc700.src
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/01/21 16:53:53 | 001,228,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Kia\My Documents\ADBEFLPRCS4Win_LS1.exe
    [2009/01/30 18:33:32 | 001,228,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Kia\My Documents\ADBEPPROCS4_LS7.exe
    [2008/12/02 16:55:42 | 000,632,320 | ---- | M] () -- C:\Documents and Settings\Kia\My Documents\AQWin.exe
    [2008/09/21 09:42:05 | 001,029,632 | ---- | M] (By LolSalad) -- C:\Documents and Settings\Kia\My Documents\AQWTrainer 1.0.0.exe
    [2009/05/14 21:43:23 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Kia\My Documents\Art.exe
    [2004/04/02 05:41:20 | 000,069,120 | ---- | M] (Aldo Vargas - http://www.aldostools.com) -- C:\Documents and Settings\Kia\My Documents\PecEdit.exe
    [2008/09/13 01:31:13 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Kia\My Documents\Refresh.exe
    [2008/09/13 18:01:46 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\Kia\My Documents\Refresher.exe
    [2 C:\Documents and Settings\Kia\My Documents\*.tmp files -> C:\Documents and Settings\Kia\My Documents\*.tmp -> ]

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/02/01 18:06:01 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Kia\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/09 19:44:33 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Kia\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D47A6274
    @Alternate Data Stream - 489 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CA4D70
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E4A69E
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6C0CA66
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98781370
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BCA993F

    < End of report >
     
  20. 2010/11/09
    Dari

    Dari Inactive Thread Starter

    Joined:
    2010/10/28
    Messages:
    49
    Likes Received:
    0
    OTL Extras logfile created on: 09/11/2010 19:49:57 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kia\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
    6.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 144.34 Gb Total Space | 1.08 Gb Free Space | 0.75% Space Free | Partition Type: NTFS

    Computer Name: DARIUS | User Name: Kia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde File not found
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "157:TCP" = 157:TCP:*:Enabled:WarriorEpic
    "157:UDP" = 157:UDP:*:Enabled:WarriorEpic
    "163:TCP" = 163:TCP:*:Enabled:WarriorEpic
    "163:UDP" = 163:UDP:*:Enabled:WarriorEpic
    "231:TCP" = 231:TCP:*:Enabled:WarriorEpic
    "231:UDP" = 231:UDP:*:Enabled:WarriorEpic
    "990:TCP" = 990:TCP:*:Enabled:WarriorEpic
    "990:UDP" = 990:UDP:*:Enabled:WarriorEpic
    "911:TCP" = 911:TCP:*:Enabled:WarriorEpic
    "911:UDP" = 911:UDP:*:Enabled:WarriorEpic
    "494:TCP" = 494:TCP:*:Enabled:WarriorEpic
    "494:UDP" = 494:UDP:*:Enabled:WarriorEpic
    "292:TCP" = 292:TCP:*:Enabled:WarriorEpic
    "292:UDP" = 292:UDP:*:Enabled:WarriorEpic
    "844:TCP" = 844:TCP:*:Enabled:WarriorEpic
    "844:UDP" = 844:UDP:*:Enabled:WarriorEpic
    "365:TCP" = 365:TCP:*:Enabled:WarriorEpic
    "365:UDP" = 365:UDP:*:Enabled:WarriorEpic
    "947:TCP" = 947:TCP:*:Enabled:WarriorEpic
    "947:UDP" = 947:UDP:*:Enabled:WarriorEpic

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\ijji\Warrior Epic\WEShell_TGI_ijji.exe" = C:\ijji\Warrior Epic\WEShell_TGI_ijji.exe:*:Enabled:Warrior Epic -- (True Games Interactive)
    "C:\Program Files\TightVNC\tvnserver.exe" = C:\Program Files\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server -- (GlavSoft LLC.)
    "C:\Program Files\TightVNC\vncviewer.exe" = C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer -- (TightVNC Group)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    ".sol Editor" = .sol Editor 1.1.0.1
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
    "{02383859-C71C-4AE0-80C9-12552ADA6B1E}" = Adobe Setup
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}" = Adobe Community Help
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{0FC9C3C9-443B-4790-BD09-7F871161E9FB}" = iTeleport Connect
    "{115B3C94-B59B-4095-AD1C-0FC40354C7F3}" = Zoo Tycoon 2
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{15C768E2-AB61-4DE3-952F-6B237A834951}" = Adobe Setup
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
    "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
    "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2A9B8C94-2781-4B36-941E-CB37957DE0C0}_is1" = Xross Media Simulator 1.0
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
    "{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
    "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
    "{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3569D403-23C1-4432-9A33-3E82C47BE470}_is1" = PS3 Theme Builder 3.0
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B22DD86-47B1-4454-BFF7-64FCA3D0631C}" = Soul of the Ultimate Nation
    "{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
    "{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
    "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
    "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{5D8A40E9-8E59-3761-98DE-2C9F7303FA17}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{620797B0-A022-4B57-A95E-DD7DD0321040}" = ProxyWay
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6778954C-13C2-4333-AF77-F5C885EB280F}" = America's Army
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
    "{699F8C4C-B519-40E7-BBF4-82AEA146C5C8}" = Remote Play with PlayStation 3
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
    "{6EC2F8D1-6303-4E49-9F17-4D537C648F5C}" = HexEdit
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Emperor: Rise of the Middle Kingdom 1.0.1.0
    "{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111155550}" = Tradewinds Legends
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{869D5D02-CA71-4077-8A75-A409DF771B4A}" = The Lord of the Rings Online TCG 2
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C98EAE9-D93F-4BCE-BBFF-5DE70413F2BE}" = ImageShack Toolbar for Internet Explorer
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AA6A3416-2549-4B63-83F5-1EF335F50061}_is1" = Nachooz Alarm Clock 7.0
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
    "{AC1C89FF-0B01-4750-9DD7-E38EAB162ABA}" = David vs Goliath
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C70BF2F2-2B54-4303-ABE6-82A20038A2EA}" = Philips SPC 700NC PC Camera
    "{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{cddcbbf1-2703-46bc-938b-bcc81a1eeaaa}" = SUPERAntiSpyware Professional
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
    "{D3EC28C5-C63B-4125-8BA2-1652552B846A}" = Who Wants To Be A Millionaire Junior
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D7A53E41-3F32-4A44-989C-53DDEBB2130C}" = Adobe Extension Manager CS3
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
    "{E16110F7-1C85-4675-99F4-7938F832C825}" = Adobe Fireworks CS3
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E8939963-824B-41DD-9BA7-037A8DC5C79F}" = PKDF Trainer XL v2.0
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
    "{EEE22184-B53C-4B87-9F5B-53638160B966}" = VirtualDrive
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F16BC933-9C6E-48b0-9539-59FE1503EEFE}" = PS7800
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FAD36C92-1E27-4120-B610-693A7762F91C}" = Adobe Setup
    "{FB361AB1-1C48-4221-9893-8DEFFCE9A858}" = febooti fileTweak Hex Editor
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE4086E1-FA7F-4A7A-8FC5-061337B5787E}" = PS3.ProxyServer
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
    "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Media Server 3.5.1_is1" = Adobe Flash Media Server 3.5.1
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe flex sdk redistributed by sothink_is1" = 3.4.0.9271.1
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_5a2cf0498f0f8a9d712b9c8926ae172" = Adobe Soundbooth CS4
    "Adobe_97f0f9ca84f595cf960425cba984151" = Adobe Extension Manager CS4
    "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
    "Adobe_bbef028176efa5abf0233d3e1747be8" = Adobe Fireworks CS3
    "Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
    "Anon Proxy Server" = Anon Proxy Server
    "AOL Spyware Protection" = AOL Spyware Protection
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
    "AOLCoach uk" = AOL Coach Version 1.0(Build:20040229.1 uk)
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "BitTorrent" = BitTorrent
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Cheat Engine 5.6_is1" = Cheat Engine 5.6
    "CleanUp!" = CleanUp!
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Dell Color Printer 725" = Dell Color Printer 725
    "DellSupport" = Dell Support 5.0.0 (630)
    "Desktop Dot" = Desktop Dot
    "Digsby" = Digsby
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DriftCity" = Drift City
    "Easy WiFi Radar" = Easy WiFi Radar 1.0.5
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Epson Printer Software Downloader" = Epson Printer Software Downloader
    "EPSON Scanner" = EPSON Scan
    "Epson Stylus SX510W_TX550W User’s Guide" = Epson Stylus SX510W_TX550W Manual
    "EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
    "ESET Online Scanner" = ESET Online Scanner v3
    "EsetOnlineScanner" = ESET Online Scanner
    "ESPNMotion" = ESPNMotion
    "FireTune" = FireTune
    "Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
    "FlashKeeper_is1" = FlashKeeper 3.0
    "FreeCommander_is1" = FreeCommander 2008.06c
    "GhostMouse 2.0" = GhostMouse 2.0
    "GLVIEW3" = OpenGL Extensions Viewer 3.0
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "GoogleVideoPlayer" = Google Video Player
    "Gunz" = ijji - Gunz
    "HashTab" = HashTab 1.14 for x32
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Hidden Finder_is1" = Hidden Finder 1.5.5
    "High Speed Rail Project" = High Speed Rail Project Beta v1
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP Photo & Imaging" = HP Image Zone 5.3
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "HPExtendedCapabilities" = HP Extended Capabilities 5.3
    "HyperCam 2" = HyperCam 2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "igLoader_is1" = igLoader 2,0,0,2
    "ImgBurn" = ImgBurn
    "InstallShield_{115B3C94-B59B-4095-AD1C-0FC40354C7F3}" = Zoo Tycoon 2
    "IntelligentAdvisor" = IntelligentAdvisor
    "IntelliJ IDEA Community Edition 9.0.1" = IntelliJ IDEA Community Edition 9.0.1
    "Logical Journey of the Zoombinis V1.1.0" = Logical Journey of the Zoombinis V1.1.0
    "Lunia" = Lunia
    "Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
    "Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
    "mIRC" = mIRC
    "Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "mp3-2-wav" = mp3-2-wav converter 1.14
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NetSight" = Nielsen
    "NetTools_is1" = NetTools 4.5
    "Network Addon Mod" = Network Addon Mod Version June 2009
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
    "Pcsx2_is1" = Pcsx2 0.9.4 Watermoose
    "PE Explorer_is1" = PE Explorer 1.99 R5
    "Polipo" = Polipo 1.0.4
    "PowerISO" = PowerISO
    "Privoxy" = Privoxy (remove only)
    "PROR" = Microsoft Office Professional 2007 Trial
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Proxifier_is1" = Proxifier version 2.9
    "ProxyFirewall_is1" = ProxyFirewall 1.0.4 Beta
    "PunkBusterSvc" = PunkBuster Services
    "Raptr" = Raptr
    "ReaJPEG Pro_is1" = ReaJPEG Pro 3.5
    "RealPlayer 6.0" = RealPlayer
    "Resource Tuner Console_is1" = Resource Tuner Console 1.80
    "RuneScape MultiCalc" = RuneScape MultiCalc
    "Runescape Toolbar" = Runescape Toolbar
    "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
    "Sigma Player_is1" = Sigma Player 1.0
    "Simple Port Forwarding" = Simple Port Forwarding
    "Skype_is1" = Skype 2.5
    "SkypeMate" = SkypeMate
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SWF Decompiler Premium Free Version_is1" = SWF Decompiler Premium Free Version 2.2.1.1373
    "SWF.max" = Aero SWF.max 1.5.840
    "SwiftKit" = SwiftKit
    "SwiftSwitch" = SwiftSwitch
    "SystemRequirementsLab" = System Requirements Lab
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "Tibia_is1" = Tibia
    "TightVNC" = TightVNC 2.0.2
    "TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
    "Tor" = Tor 0.2.1.21
    "UnrealIRCd_is1" = UnrealIRCd3.2.8.1
    "VB Decompiler Lite_is1" = VB Decompiler Lite
    "Vidalia" = Vidalia 0.2.6
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Virtual Drive Creator_is1" = Virtual Drive Creator V2.2.1
    "Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
    "Vodafone 804SS USB driver" = SAMSUNG Mobile USB Modem ^^
    "WampServer 2_is1" = WampServer 2.0
    "Wanadoo" = Wanadoo UK
    "Warrior Epic" = Warrior Epic
    "WebPost" = Microsoft Web Publishing Wizard 1.53
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xfire" = Xfire (remove only)
    "XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "0638265cfb8124a6" = AA2Deploy
    "BitTorrent DNA" = DNA
    "Crash Overide Trainer 1.5.2 Alpha" = Crash Overide Trainer 1.5.2 Alpha
    "ijji FireFox Launcher" = ijji FireFox Launcher 1.0
    "ijji.com" = ijji

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 06/11/2010 09:59:42 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.

    Error - 06/11/2010 15:41:28 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.

    Error - 06/11/2010 18:53:52 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.

    Error - 06/11/2010 19:11:27 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.

    Error - 06/11/2010 20:06:19 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.

    Error - 06/11/2010 22:54:19 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.

    Error - 08/11/2010 12:27:59 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.

    Error - 08/11/2010 19:31:24 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.

    Error - 09/11/2010 05:28:28 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.

    Error - 09/11/2010 15:41:22 | Computer Name = DARIUS | Source = Media Center Extender Services | ID = 36864
    Description = ERROR: Device Service Initialization - Unable to create or initialize
    Device Table. Error code 0x80004005.


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  21. 2010/11/09
    broni Moderator Malware Analyst

    Good news :)

    When we're done here and the same problem is still there, you'll have to create a new topic in the Windows forum.

    ==============================================================

    You're running critically low on C drive free space.
    You have to start moving some stuff out immediately, or your computer may not boot at all, one day.
    It MAY have something to do with your BSODs.

    =================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe -- (Panda Software Controller)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva337.sys -- (XDva337)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva039.sys -- (XDva039)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva025.sys -- (XDva025)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva020.sys -- (XDva020)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva014.sys -- (XDva014)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva013.sys -- (XDva013)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva012.sys -- (XDva012)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
      FF - prefs.js..browser.search.defaultenginename:  "Fast Browser Search "
      FF - prefs.js..browser.search.defaultthis.engineName:  "Fast Browser Search "
      FF - prefs.js..browser.search.defaulturl:  "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q= "
      FF - prefs.js..browser.search.order.1:  "Fast Browser Search "
      FF - prefs.js..browser.search.selectedEngine:  "Fast Browser Search "
      FF - prefs.js..keyword.URL:  "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D530E149-538A-9EB2-3DC7-BBC1A48C51BA}&q= "
      FF - prefs.js..network.proxy.http:  "72.37.213.104 "
      FF - prefs.js..network.proxy.http_port: 8089
      [2009/12/20 15:03:25 | 000,000,000 | ---D | M] (Fast Browser Search (My Web Tattoo)) -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
      [2009/12/20 15:03:40 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\searchplugins\fast-browser-search.xml
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (BigSeekPro Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\BigSeekPro Toolbar\tbcore3.dll File not found
      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [2 C:\Documents and Settings\Kia\My Documents\*.tmp files -> C:\Documents and Settings\Kia\My Documents\*.tmp -> ]
      [12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] 
      [2010/10/27 22:56:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ihifimenipavurog.dat
      [2006/04/12 16:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D47A6274
      @Alternate Data Stream - 489 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
      @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CA4D70
      @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E4A69E
      @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F6C0CA66
      @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98781370
      @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
      @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BCA993F
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
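
One way to review an OTL fix script like the one in the post above before pasting it into the Custom Scans/Fixes box, as an added example (not part of the original post and not OTL's own code). The line patterns are inferred only from the lines shown in this thread, the function names are hypothetical, and anything that does not match is reported as unparsed rather than dropped.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the fix script posted in this thread.
SAMPLE = r'''
:OTL
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe -- (Panda Software Controller)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva337.sys -- (XDva337)
FF - prefs.js..network.proxy.http:  "72.37.213.104 "
FF - prefs.js..network.proxy.http_port: 8089
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010/10/27 22:56:41 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ihifimenipavurog.dat
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Commands
[purity]
[emptytemp]
[Reboot]
'''

# Assumption: these patterns describe only the line shapes visible on this page,
# not an official OTL grammar.
SECTION = re.compile(r'^:(\w+)$')
SVC = re.compile(r'^(SRV|DRV) - (.*?) \[(.*?)\] -- (.*) -- \((.*)\)$')
FF_PREF = re.compile(r'^FF - prefs\.js\.\.([\w.]+):\s*(.*)$')
REG = re.compile(r'^(O\d+) - (.*)$')
FILE = re.compile(r'^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (.{4}) \| (\w)\] '
                  r'(?:\((.*)\) )?-- (.*)$')
ADS = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.*):([^:\\]+)$')
COMMAND = re.compile(r'^\[(\w+)\]$')


def classify(line):
    """Turn one script line into a record; unknown shapes are kept as 'unparsed'."""
    if m := SVC.match(line):
        return {"kind": "service" if m[1] == "SRV" else "driver", "status": m[2],
                "state": [s.strip() for s in m[3].split("|")],
                "path": m[4], "name": m[5]}
    if m := FF_PREF.match(line):
        # Strip the surrounding quotes and the stray padding seen in the forum copy.
        return {"kind": "firefox_pref", "key": m[1],
                "value": m[2].strip().strip('"').strip()}
    if m := REG.match(line):
        return {"kind": "registry", "code": m[1], "detail": m[2]}
    if m := FILE.match(line):
        return {"kind": "file", "modified": m[1], "size": int(m[2].replace(",", "")),
                "attrs": m[3], "company": m[5] or "", "path": m[6]}
    if m := ADS.match(line):
        # The stream name follows the last colon; the host path keeps its drive colon.
        return {"kind": "ads", "size": int(m[1]), "host": m[2], "stream": m[3]}
    if m := COMMAND.match(line):
        return {"kind": "command", "name": m[1]}
    return {"kind": "unparsed", "text": line}


def parse_fix_script(text):
    """Return one record per non-blank line, tagged with the :Section it sits in."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION.match(line):
            section = m[1]
            continue
        records.append({"section": section, **classify(line)})
    return records


def summarize(records):
    """Count records per kind, so a reviewer sees what the script touches."""
    return dict(Counter(r["kind"] for r in records))


def firefox_prefs(records):
    """Firefox preference keys named in the script, with cleaned values."""
    return {r["key"]: r["value"] for r in records if r["kind"] == "firefox_pref"}


def missing_file_targets(records):
    """Service and driver entries whose backing file OTL reported as not found."""
    return [r["name"] for r in records
            if r["kind"] in ("service", "driver") and r["status"] == "File not found"]


if __name__ == "__main__":
    recs = parse_fix_script(SAMPLE)
    for kind, count in sorted(summarize(recs).items()):
        print(f"{kind:13} {count}")
    print("Firefox prefs:", firefox_prefs(recs))
    print("Missing-file entries:", missing_file_targets(recs))
    print("Unparsed:", [r["text"] for r in recs if r["kind"] == "unparsed"])
```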
     
