Topic: [Resolved] Can't Remove Infospace / Kiwee Toolbar

markpsych
Re: [In Progress] Can't Remove Infospace / Kiwee Toolbar
« Reply #150 on: April 17, 2010, 02:23:54 PM »
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{5344b500-1be4-4299-bae1-6bc7524b710b} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error starting restore point: 3
Error closing restore point: The sequence number is invalid.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/17 20:27:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/04/16 22:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Ares Galaxy Professional
[2010/04/16 18:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\LGInternetKit
[2010/04/16 18:19:26 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2010/04/16 18:19:26 | 000,630,784 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\vsflex8u.ocx
[2010/04/16 18:19:26 | 000,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2010/04/16 18:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\LG PC Suite II
[2010/04/14 15:52:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/14 15:47:26 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTM.exe
[2010/04/14 08:20:39 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/14 08:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Desktop\avenger
[2010/04/14 08:17:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/14 08:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/14 08:14:04 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Documents and Settings\pc\Desktop\erunt-setup.exe
[2010/04/13 22:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/04/13 08:37:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/12 23:24:41 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTL.exe
[2010/04/12 11:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Desktop\gmer
[2010/04/11 20:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Desktop\RootRepeal
[2010/04/11 12:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/11 02:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Uniblue
[2010/04/11 01:55:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pc\Recent
[2010/04/11 00:40:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\pc\My Documents\My Shapes
[2010/04/10 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\CrypKey
[2010/04/10 22:47:15 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2010/04/10 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Outlook PST Repair
[2010/04/10 22:23:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/04/10 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Help
[2010/04/10 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Help
[2010/04/10 19:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/04/09 00:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Threat Expert
[2010/04/09 00:35:05 | 001,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/04/09 00:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/09 00:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/08 23:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/08 23:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/08 21:32:53 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 21:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/08 21:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/04/08 00:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/04/02 11:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Publish Providers
[2010/04/02 11:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Sony
[2010/04/02 11:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Sony
[2010/03/31 21:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/03/31 00:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/31 00:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Temp
[2010/03/31 00:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/31 00:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/31 00:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/07 12:07:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\pc\Application Data\pcouffin.sys
[2010/01/18 22:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/12/01 23:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/11/04 22:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/11/04 22:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/04 22:12:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/22 11:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/18 22:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/31 23:16:01 | 000,032,768 | ---- | C] ( ) -- C:\WINDOWS\System32\ShellLnkSSE.dll
[2009/04/27 21:41:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/24 05:38:39 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/17 20:59:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FDA3C114-5C89-42C5-B4E5-5B64EDE52919}.job
[2010/04/17 20:59:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{35F0AD50-B1A3-4429-AA14-3B4697010D70}.job
[2010/04/17 20:30:36 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Syrius Updater.lnk
[2010/04/17 20:30:31 | 000,162,159 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/17 20:29:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/17 20:29:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/17 20:28:26 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\pc\ntuser.dat
[2010/04/17 20:28:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\pc\ntuser.ini
[2010/04/17 20:28:23 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\pc\Local Settings\Application Data\IconCache.db
[2010/04/17 20:22:06 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000006-00001102-00000005-002C1102}.rfx
[2010/04/17 20:22:06 | 000,053,968 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000006-00001102-00000005-002C1102}.rfx
[2010/04/17 20:22:06 | 000,053,968 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000006-00001102-00000005-002C1102}.rfx
[2010/04/17 20:22:06 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/17 20:22:06 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/17 16:39:55 | 003,916,775 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\Combo-Fix.exe
[2010/04/17 12:53:43 | 001,374,664 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\MCPR.exe
[2010/04/17 12:48:28 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/04/17 01:01:55 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\fix.reg
[2010/04/16 22:35:19 | 000,867,264 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\SecurityCheck.exe
[2010/04/16 18:19:30 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LG PC Suite II.lnk
[2010/04/16 10:13:48 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\avenger.zip
[2010/04/15 13:35:24 | 000,002,048 | ---- | M] () -- C:\WINDOWS\System32\McUsers.dat
[2010/04/15 00:18:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/14 23:02:39 | 007,716,864 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\rc.iso
[2010/04/14 15:47:26 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTM.exe
[2010/04/14 08:17:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\pc\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/14 08:16:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\NTREGOPT.lnk
[2010/04/14 08:16:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\ERUNT.lnk
[2010/04/14 08:16:12 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Documents and Settings\pc\Desktop\erunt-setup.exe
[2010/04/13 08:37:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/04/12 23:24:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTL.exe
[2010/04/12 22:13:56 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\Getting there.doc
[2010/04/12 18:13:37 | 000,069,232 | ---- | M] () -- C:\Documents and Settings\pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/12 11:18:25 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\gmer.zip
[2010/04/12 09:03:18 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/11 20:30:54 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\pc\default.pls
[2010/04/11 20:30:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/11 20:26:10 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\RootRepeal.zip
[2010/04/11 12:54:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/11 00:48:02 | 000,000,779 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/10 23:36:49 | 000,003,360 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2010/04/10 23:36:49 | 000,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
[2010/04/10 23:36:33 | 000,000,127 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2010/04/10 22:47:53 | 000,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/10 17:23:14 | 000,000,510 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/10 11:24:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/10 09:56:31 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\Picasa 3 (2).lnk
[2010/04/10 09:56:18 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\Picasa 3.lnk
[2010/04/09 11:08:57 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\dds.scr
[2010/04/09 01:40:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 23:39:04 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\HijackThis.lnk
[2010/04/03 23:28:44 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\Regarding fitting a cd changer to the Elgrand E50.doc
[2010/03/30 17:27:58 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\elgrand overrun.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 10:05:36 | 000,542,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 10:05:36 | 000,457,258 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 10:05:36 | 000,075,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/22 19:02:23 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\Dear all cubs.doc
[2010/03/21 17:57:40 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\part.doc
[2010/03/20 18:16:58 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\bunting.doc
[2010/03/18 23:11:57 | 000,011,762 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\tics EOT invoice.docx
[2010/03/18 23:05:28 | 004,281,490 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\D Martin TP Psycho Blank EOT Report.rtf
 
========== Files Created - No Company Name ==========
 
[2010/04/17 16:39:55 | 003,916,775 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\Combo-Fix.exe
[2010/04/17 12:53:32 | 001,374,664 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\MCPR.exe
[2010/04/17 12:48:28 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/04/17 00:55:00 | 000,001,867 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\fix.reg
[2010/04/16 22:35:12 | 000,867,264 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\SecurityCheck.exe
[2010/04/16 18:19:30 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LG PC Suite II.lnk
[2010/04/16 10:01:34 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\avenger.exe
[2010/04/15 13:35:24 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\McUsers.dat
[2010/04/14 22:32:05 | 007,716,864 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\rc.iso
[2010/04/14 08:18:08 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\avenger.zip
[2010/04/14 08:17:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\pc\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/14 08:16:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\NTREGOPT.lnk
[2010/04/14 08:16:56 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\ERUNT.lnk
[2010/04/12 22:13:56 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\Getting there.doc
[2010/04/12 11:18:23 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\gmer.zip
[2010/04/11 20:26:07 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\RootRepeal.zip
[2010/04/10 22:47:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2010/04/10 22:47:33 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2010/04/10 22:47:33 | 000,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2010/04/10 22:47:19 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/04/10 22:47:15 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2010/04/10 22:47:15 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/04/10 22:47:15 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/04/10 22:47:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010/04/10 09:56:31 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\Picasa 3 (2).lnk
[2010/04/10 09:56:18 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\Picasa 3.lnk
[2010/04/09 11:08:55 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\dds.scr
[2010/04/09 00:35:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/09 00:30:13 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\ezpinst.log
[2010/04/08 23:39:04 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\HijackThis.lnk
[2010/04/08 21:33:31 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 23:28:43 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\Regarding fitting a cd changer to the Elgrand E50.doc
[2010/03/30 17:27:58 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\elgrand overrun.doc
[2010/03/24 13:50:11 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\OC.doc
[2010/03/22 19:02:23 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\Dear all cubs.doc
[2010/03/21 17:57:40 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\part.doc
[2010/03/20 18:16:58 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\bunting.doc
[2010/03/18 23:05:28 | 004,281,490 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\D Martin TP Psycho Blank EOT Report.rtf
[2010/03/07 12:07:35 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\pcouffin.log
[2010/03/07 12:07:27 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\inst.exe
[2010/03/07 12:07:27 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\pcouffin.cat
[2010/03/07 12:07:27 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\pcouffin.inf
[2010/01/16 16:37:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/01/16 16:37:11 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/11/01 13:32:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2009/06/20 21:06:23 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/06/20 21:06:23 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/06/20 20:52:32 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\pc\$FFPROFINI$prefs.js
[2009/06/11 21:28:27 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2009/06/08 18:14:54 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\pc\ntuser.dat
[2009/05/31 23:16:01 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009/05/29 18:50:40 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/05/11 00:32:52 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\pc\default.pls
[2009/05/08 08:28:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009/05/01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/28 19:50:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/28 19:47:18 | 000,032,309 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/04/28 19:46:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/04/28 19:45:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2009/04/28 19:18:01 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/27 23:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009/04/27 23:11:25 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\smdll.dll
[2009/04/27 23:11:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2009/04/27 23:11:22 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2009/04/27 23:11:22 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2009/04/27 23:11:22 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2009/04/27 23:11:22 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2009/04/27 22:27:05 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\pc\ntuser.dat.LOG
[2009/04/27 22:27:05 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\pc\ntuser.ini
[2008/10/08 00:08:38 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/10/07 23:41:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/10/07 23:41:40 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/12 21:22:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/05/24 06:00:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/07/26 22:13:12 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 14:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
 
========== LOP Check ==========
 
[2009/11/04 21:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/13 22:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/01/16 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/05/08 09:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/23 13:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/09 00:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/16 22:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Ares Galaxy Professional
[2009/05/06 22:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\FUJIFILM
[2010/01/16 16:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\LG Electronics
[2009/07/29 14:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\OfficeUpdate12
[2010/04/02 11:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Publish Providers
[2009/07/17 20:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Red Kawa
[2009/07/17 23:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Regensoft
[2010/04/02 11:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Sony
[2010/04/11 02:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Uniblue
[2010/03/07 12:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Vso
[2009/07/11 23:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Windows Desktop Search
[2009/07/12 01:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Windows Search
[2010/04/17 20:59:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{35F0AD50-B1A3-4429-AA14-3B4697010D70}.job
[2010/04/17 20:59:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FDA3C114-5C89-42C5-B4E5-5B64EDE52919}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010/01/24 20:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/11/21 11:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/03/07 22:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/05/14 12:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/11/18 18:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009/11/04 21:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/13 22:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/04/11 12:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/16 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/11/18 13:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/24 12:29:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/04/14 08:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/04/28 19:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/05/08 09:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/23 13:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/09 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/31 00:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/06/19 15:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/09 00:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/28 20:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11161\AcrobatUpdater.exe
[2010/03/24 19:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11161\AdobeARM.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11161\ReaderUpdater.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11556\AcrobatUpdater.exe
[2010/03/24 19:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11556\AdobeARM.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11556\ReaderUpdater.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11905\AcrobatUpdater.exe
[2010/03/24 19:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11905\AdobeARM.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11905\ReaderUpdater.exe
[2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
[2009/11/04 05:57:06 | 000,206,792 | ---- | M] (LG Electronics) -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
 
< %APPDATA%\*. >
[2010/02/17 21:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Adobe
[2009/06/27 12:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\AdobeUM
[2009/09/19 18:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Apple Computer
[2010/04/16 22:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Ares Galaxy Professional
[2009/05/14 12:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\AVS4YOU
[2009/05/11 01:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Creative
[2010/03/19 20:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\dvdcss
[2009/05/06 22:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\FUJIFILM
[2009/06/25 18:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Google
[2010/04/10 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Help
[2009/04/27 22:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Identities
[2010/02/18 14:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\InstallShield
[2010/01/16 16:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\LG Electronics
[2009/05/06 21:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Macromedia
[2009/11/18 13:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Malwarebytes
[2010/04/11 12:29:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\pc\Application Data\Microsoft
[2009/04/28 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Nero
[2009/07/29 14:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\OfficeUpdate12
[2010/04/02 11:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Publish Providers
[2009/07/17 20:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Red Kawa
[2009/07/17 23:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Regensoft
[2010/04/02 11:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Sony
[2009/05/10 14:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Sun
[2010/04/09 10:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\SUPERAntiSpyware.com
[2009/12/01 23:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\U3
[2010/04/11 02:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Uniblue
[2010/04/15 00:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\vlc
[2010/03/07 12:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Vso
[2009/07/11 23:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Windows Desktop Search
[2009/07/12 01:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Windows Search
 
< %APPDATA%\*.exe /s >
[2010/03/07 12:07:27 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\inst.exe
[2010/04/11 12:29:21 | 000,003,584 | R--- | M] () -- C:\Documents and Settings\pc\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\U3\00001541CB62558A\cleanup.exe
[2008/05/02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\pc\Application Data\U3\00001541CB62558A\Launchpad Removal.exe
[2008/05/04 17:02:26 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\U3\00001541CB62558A\LaunchPad.exe
[2007/10/23 10:44:48 | 000,054,584 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\U3\00001541CB62558A\U3AccessGrant.exe
[2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\U3\temp\cleanup.exe
[2008/05/02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\pc\Application Data\U3\temp\Launchpad Removal.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\332eb6f34a89925b92817fd9\i386\sp3.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | R--- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\332eb6f34a89925b92817fd9\i386\sp3.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | R--- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2006/09/21 15:39:16 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=DC1F9954B5EDDD147AF7E5C420BE7B93 -- C:\WINDOWS\system32\drivers\nvata.sys
 
< MD5 for: SCECLI.DLL  >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav  >
[2009/04/27 22:25:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/27 22:25:13 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/27 22:25:13 | 000,942,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

markpsych
Re: [In Progress] Can't Remove Infospace / Kiwee Toolbar
« Reply #151 on: April 17, 2010, 02:28:34 PM »
Sorry, for some reason I don't have an extras log for the most recent scan... must have done something wrong?
« Last Edit: April 17, 2010, 02:33:47 PM by markpsych »

markpsych
Re: [In Progress] Can't Remove Infospace / Kiwee Toolbar
« Reply #152 on: April 17, 2010, 04:15:20 PM »
Tried again - got both logs:

OTL logfile created on: 17/04/2010 22:53:35 - Run 4
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Documents and Settings\pc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 128.90 Gb Free Space | 66.00% Space Free | Partition Type: NTFS
Drive D: | 95.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 102.77 Gb Total Space | 102.71 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-CBB4F2FF4D55
Current User Name: pc
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/14 17:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/12 23:24:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTL.exe
PRC - [2010/03/13 06:10:20 | 003,064,824 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2010/03/13 06:10:16 | 006,658,552 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2010/03/13 06:10:16 | 003,360,760 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2010/03/13 06:10:16 | 001,284,600 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2010/03/09 03:52:49 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/31 20:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/08/06 16:31:44 | 000,233,576 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/06/03 11:25:38 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\Ir.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/09 16:09:36 | 000,339,968 | ---- | M] (Performance Products) -- C:\Program Files\Syrius Updater\SyriusUpdater.exe
PRC - [2007/08/03 12:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/08/03 12:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006/12/12 11:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 11:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 11:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2005/11/04 19:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2002/01/09 03:53:14 | 000,200,704 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\FinePixViewer\QuickDCF.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/12 23:24:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTL.exe
MOD - [2010/03/13 06:10:20 | 000,948,728 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2010/03/13 06:10:20 | 000,925,688 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaevent.dll
MOD - [2010/03/09 03:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2009/03/06 04:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 15:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008/04/14 01:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 01:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/14 01:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 01:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 18:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006/05/24 05:20:39 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (AGCoreService)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/13 06:10:16 | 003,360,760 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/03/13 06:10:16 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009/05/08 12:26:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/06 18:08:58 | 000,533,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/10/31 20:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/04/14 17:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 17:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 17:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 17:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 17:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 17:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/13 05:39:10 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/03/13 05:38:58 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/03/13 05:38:54 | 000,226,680 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/05/07 16:38:43 | 000,006,494 | R--- | M] (Mitsubishi Electric , NEC-Mitsubishi Electric Visual Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Moni2c.sys -- (DDCCI)
DRV - [2009/04/30 22:02:00 | 008,055,584 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/04/15 12:03:40 | 000,095,592 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2009/02/25 23:09:14 | 000,320,512 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2009/02/25 23:09:10 | 000,012,288 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2009/02/06 18:08:42 | 000,055,152 | R--- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/10/08 01:21:44 | 001,324,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2008/10/08 01:21:44 | 001,324,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2008/10/08 01:21:40 | 000,072,728 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2008/10/08 01:21:40 | 000,072,728 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2008/10/08 01:21:38 | 000,171,032 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2008/10/08 01:21:38 | 000,171,032 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008/08/01 18:36:26 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 18:36:20 | 000,054,784 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 19:46:22 | 000,015,232 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 19:45:12 | 000,060,032 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2007/10/01 21:06:40 | 000,451,968 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/06/18 04:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/06/01 10:29:04 | 000,210,736 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2007/05/25 09:41:00 | 000,017,328 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/25 09:40:58 | 000,012,464 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/01/24 14:25:36 | 000,207,872 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (HCW88BDA)
DRV - [2006/12/19 09:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 09:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 09:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 09:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 09:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 09:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 10:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/07/26 11:06:02 | 000,065,536 | ---- | M] (NEC Display Solutions, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NDSPCIIO.dll -- (NDSPCIIO)
DRV - [2002/05/07 14:44:04 | 000,081,700 | R--- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C AB 2D B6 6A D9 CA 01  [binary data]
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2010/04/13 08:37:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1229272821-179605362-725345543-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1229272821-179605362-725345543-1004..\Run: [EPSON Stylus DX5000 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1229272821-179605362-725345543-1004..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0;  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk = C:\WINDOWS\System32\cmd.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Syrius Updater.lnk = C:\WINDOWS\Installer\{964A0E79-160F-4F5F-97D0-9C03CFA434FA}\Icon964A0E79.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Maisy Boo!\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\pc\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\pc\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Sam\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Tabby\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\pc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\pc\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/27 21:41:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/21 13:45:00 | 000,000,046 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{129e9ff5-687c-11de-a0fe-001cdf9fad75}\Shell - "" = AutoRun
O33 - MountPoints2\{129e9ff5-687c-11de-a0fe-001cdf9fad75}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{129e9ff5-687c-11de-a0fe-001cdf9fad75}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{57ece373-028f-11df-a278-001cdf9fad75}\Shell - "" = AutoRun
O33 - MountPoints2\{57ece373-028f-11df-a278-001cdf9fad75}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57ece373-028f-11df-a278-001cdf9fad75}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/27 22:21:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{5344b500-1be4-4299-bae1-6bc7524b710b} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 

Offline markpsych

  • Bronze Member
  • Posts: 142
Re: [In Progress] Can't Remove Infospace / Kiwee Toolbar
« Reply #153 on: April 17, 2010, 04:16:12 PM »
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error starting restore point: 3
Error closing restore point: The sequence number is invalid.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/17 22:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\OnlineArmor
[2010/04/17 22:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/04/17 22:02:27 | 000,226,680 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2010/04/17 22:02:27 | 000,029,560 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2010/04/17 22:02:27 | 000,024,440 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2010/04/17 22:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2010/04/17 21:51:46 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/17 21:51:46 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/17 21:51:44 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/17 21:51:43 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/17 21:51:42 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/17 21:51:42 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/17 21:51:41 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/17 21:51:34 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/17 21:51:34 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/17 21:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/17 21:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/17 20:27:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/04/16 22:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Ares Galaxy Professional
[2010/04/16 18:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\LGInternetKit
[2010/04/16 18:19:26 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\WINDOWS\System32\NMSDVDXU.dll
[2010/04/16 18:19:26 | 000,630,784 | ---- | C] (ComponentOne) -- C:\WINDOWS\System32\vsflex8u.ocx
[2010/04/16 18:19:26 | 000,419,240 | ---- | C] (VideoSoft) -- C:\WINDOWS\System32\Vsflex7L.ocx
[2010/04/16 18:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\LG PC Suite II
[2010/04/14 15:52:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/14 15:47:26 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTM.exe
[2010/04/14 08:20:39 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/14 08:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Desktop\avenger
[2010/04/14 08:17:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/14 08:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/14 08:14:04 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Documents and Settings\pc\Desktop\erunt-setup.exe
[2010/04/13 22:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/04/13 08:37:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/12 23:24:41 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTL.exe
[2010/04/12 11:18:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Desktop\gmer
[2010/04/11 20:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Desktop\RootRepeal
[2010/04/11 12:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/11 02:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Uniblue
[2010/04/11 01:55:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pc\Recent
[2010/04/11 00:40:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\pc\My Documents\My Shapes
[2010/04/10 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\CrypKey
[2010/04/10 22:47:15 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\WINDOWS\Ckconfig.exe
[2010/04/10 22:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Outlook PST Repair
[2010/04/10 22:23:47 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/04/10 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Help
[2010/04/10 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Help
[2010/04/10 19:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/04/09 00:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Threat Expert
[2010/04/09 00:35:05 | 001,636,304 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/04/09 00:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/09 00:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/08 23:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/08 23:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/08 21:32:53 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 21:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/08 21:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/04/08 00:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/04/02 11:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Publish Providers
[2010/04/02 11:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Sony
[2010/04/02 11:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Application Data\Sony
[2010/03/31 21:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/03/31 00:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/31 00:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pc\Local Settings\Application Data\Temp
[2010/03/31 00:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/31 00:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/31 00:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/03/07 12:07:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\pc\Application Data\pcouffin.sys
[2010/01/18 22:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/12/01 23:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/11/04 22:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/11/04 22:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/04 22:12:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/07/22 11:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/18 22:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/31 23:16:01 | 000,032,768 | ---- | C] ( ) -- C:\WINDOWS\System32\ShellLnkSSE.dll
[2009/04/27 21:41:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/05/24 05:38:39 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/17 22:54:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FDA3C114-5C89-42C5-B4E5-5B64EDE52919}.job
[2010/04/17 22:54:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{35F0AD50-B1A3-4429-AA14-3B4697010D70}.job
[2010/04/17 22:38:12 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Syrius Updater.lnk
[2010/04/17 22:38:05 | 000,162,159 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/17 22:28:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/17 22:28:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/17 22:27:20 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\pc\ntuser.dat
[2010/04/17 22:27:19 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000006-00001102-00000005-002C1102}.rfx
[2010/04/17 22:27:19 | 000,053,968 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000006-00001102-00000005-002C1102}.rfx
[2010/04/17 22:27:19 | 000,053,968 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000006-00001102-00000005-002C1102}.rfx
[2010/04/17 22:27:19 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/17 22:27:19 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/17 22:27:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\pc\ntuser.ini
[2010/04/17 22:27:06 | 004,320,980 | -H-- | M] () -- C:\Documents and Settings\pc\Local Settings\Application Data\IconCache.db
[2010/04/17 22:02:42 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2010/04/17 22:02:33 | 000,450,332 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/17 22:02:33 | 000,073,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/17 21:51:46 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/17 21:51:42 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/17 16:39:55 | 003,916,775 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\Combo-Fix.exe
[2010/04/17 12:53:43 | 001,374,664 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\MCPR.exe
[2010/04/17 12:48:28 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/04/17 01:01:55 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\fix.reg
[2010/04/16 22:35:19 | 000,867,264 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\SecurityCheck.exe
[2010/04/16 18:19:30 | 000,001,459 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LG PC Suite II.lnk
[2010/04/16 10:13:48 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\avenger.zip
[2010/04/15 13:35:24 | 000,002,048 | ---- | M] () -- C:\WINDOWS\System32\McUsers.dat
[2010/04/15 00:18:27 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/14 23:02:39 | 007,716,864 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\rc.iso
[2010/04/14 17:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 17:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 17:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 17:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 17:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 17:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 17:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 17:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 17:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/14 15:47:26 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTM.exe
[2010/04/14 08:17:02 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\pc\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/14 08:16:56 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\NTREGOPT.lnk
[2010/04/14 08:16:56 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\ERUNT.lnk
[2010/04/14 08:16:12 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Documents and Settings\pc\Desktop\erunt-setup.exe
[2010/04/13 08:37:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/04/12 23:24:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pc\Desktop\OTL.exe
[2010/04/12 22:13:56 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\Getting there.doc
[2010/04/12 18:13:37 | 000,069,232 | ---- | M] () -- C:\Documents and Settings\pc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/12 11:18:25 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\gmer.zip
[2010/04/12 09:03:18 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/11 20:30:54 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\pc\default.pls
[2010/04/11 20:30:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/11 20:26:10 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\RootRepeal.zip
[2010/04/11 12:54:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/11 00:48:02 | 000,000,779 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/10 23:36:49 | 000,003,360 | ---- | M] () -- C:\WINDOWS\System32\esnecil.ind
[2010/04/10 23:36:49 | 000,000,004 | ---- | M] () -- C:\WINDOWS\vx86036.dat
[2010/04/10 23:36:33 | 000,000,127 | ---- | M] () -- C:\WINDOWS\Crypkey.ini
[2010/04/10 22:47:53 | 000,001,680 | ---- | M] () -- C:\WINDOWS\System32\esnecil.nlp
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/04/10 22:25:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/04/10 17:23:14 | 000,000,510 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/10 11:24:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/10 09:56:31 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\Picasa 3 (2).lnk
[2010/04/10 09:56:18 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\Picasa 3.lnk
[2010/04/09 11:08:57 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\dds.scr
[2010/04/09 01:40:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/08 23:39:04 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\pc\Desktop\HijackThis.lnk
[2010/04/03 23:28:44 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\Regarding fitting a cd changer to the Elgrand E50.doc
[2010/03/30 17:27:58 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\elgrand overrun.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 10:05:36 | 000,542,182 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/22 19:02:23 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\Dear all cubs.doc
[2010/03/21 17:57:40 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\part.doc
[2010/03/20 18:16:58 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\bunting.doc
[2010/03/18 23:11:57 | 000,011,762 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\tics EOT invoice.docx
[2010/03/18 23:05:28 | 004,281,490 | ---- | M] () -- C:\Documents and Settings\pc\My Documents\D Martin TP Psycho Blank EOT Report.rtf
 
========== Files Created - No Company Name ==========
 
[2010/04/17 21:51:46 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/17 16:39:55 | 003,916,775 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\Combo-Fix.exe
[2010/04/17 12:53:32 | 001,374,664 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\MCPR.exe
[2010/04/17 12:48:28 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[2010/04/17 00:55:00 | 000,001,867 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\fix.reg
[2010/04/16 22:35:12 | 000,867,264 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\SecurityCheck.exe
[2010/04/16 18:19:30 | 000,001,459 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LG PC Suite II.lnk
[2010/04/16 10:01:34 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\avenger.exe
[2010/04/15 13:35:24 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\McUsers.dat
[2010/04/14 22:32:05 | 007,716,864 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\rc.iso
[2010/04/14 08:18:08 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\avenger.zip
[2010/04/14 08:17:02 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\pc\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/04/14 08:16:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\NTREGOPT.lnk
[2010/04/14 08:16:56 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\ERUNT.lnk
[2010/04/12 22:13:56 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\Getting there.doc
[2010/04/12 11:18:23 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\gmer.zip
[2010/04/11 20:26:07 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\RootRepeal.zip
[2010/04/10 22:47:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2010/04/10 22:47:33 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\esnecil.ind
[2010/04/10 22:47:33 | 000,001,680 | ---- | C] () -- C:\WINDOWS\System32\esnecil.nlp
[2010/04/10 22:47:19 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010/04/10 22:47:15 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2010/04/10 22:47:15 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010/04/10 22:47:15 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2010/04/10 22:47:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2010/04/10 09:56:31 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\Picasa 3 (2).lnk
[2010/04/10 09:56:18 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\Picasa 3.lnk
[2010/04/09 11:08:55 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\dds.scr
[2010/04/09 00:35:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/04/09 00:30:13 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\ezpinst.log
[2010/04/08 23:39:04 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\pc\Desktop\HijackThis.lnk
[2010/04/08 21:33:31 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/03 23:28:43 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\Regarding fitting a cd changer to the Elgrand E50.doc
[2010/03/30 17:27:58 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\elgrand overrun.doc
[2010/03/24 13:50:11 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\OC.doc
[2010/03/22 19:02:23 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\Dear all cubs.doc
[2010/03/21 17:57:40 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\part.doc
[2010/03/20 18:16:58 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\bunting.doc
[2010/03/18 23:05:28 | 004,281,490 | ---- | C] () -- C:\Documents and Settings\pc\My Documents\D Martin TP Psycho Blank EOT Report.rtf
[2010/03/07 12:07:35 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\pcouffin.log
[2010/03/07 12:07:27 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\inst.exe
[2010/03/07 12:07:27 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\pcouffin.cat
[2010/03/07 12:07:27 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\pc\Application Data\pcouffin.inf
[2010/01/16 16:37:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/01/16 16:37:11 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/11/01 13:32:12 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini
[2009/06/20 21:06:23 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2009/06/20 21:06:23 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2009/06/20 20:52:32 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\pc\$FFPROFINI$prefs.js
[2009/06/11 21:28:27 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2009/06/08 18:14:54 | 009,437,184 | ---- | C] () -- C:\Documents and Settings\pc\ntuser.dat
[2009/05/31 23:16:01 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009/05/29 18:50:40 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/05/11 00:32:52 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\pc\default.pls
[2009/05/08 08:28:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009/05/01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/28 19:50:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/28 19:47:18 | 000,032,309 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/04/28 19:46:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/04/28 19:45:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2009/04/28 19:18:01 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/27 23:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2009/04/27 23:11:25 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\smdll.dll
[2009/04/27 23:11:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2009/04/27 23:11:22 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2009/04/27 23:11:22 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2009/04/27 23:11:22 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2009/04/27 23:11:22 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2009/04/27 22:27:05 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\pc\ntuser.dat.LOG
[2009/04/27 22:27:05 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\pc\ntuser.ini
[2008/10/08 00:08:38 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/10/07 23:41:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/10/07 23:41:40 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/12 21:22:40 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/05/24 06:00:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/07/26 22:13:12 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/07 14:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
 
========== LOP Check ==========
 
[2010/04/12 11:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/04/09 01:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/04/17 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/04 21:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/13 22:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/01/16 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/04/17 22:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/05/08 09:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/23 13:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/09 00:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/01 23:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/08/10 19:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maisy Boo!\Application Data\MSNInstaller
[2009/07/18 22:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maisy Boo!\Application Data\Windows Desktop Search
[2010/04/16 22:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Ares Galaxy Professional
[2009/05/06 22:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\FUJIFILM
[2010/01/16 16:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\LG Electronics
[2009/07/29 14:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\OfficeUpdate12
[2010/04/17 22:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\OnlineArmor
[2010/04/02 11:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Publish Providers
[2009/07/17 20:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Red Kawa
[2009/07/17 23:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Regensoft
[2010/04/02 11:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Sony
[2010/04/11 02:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Uniblue
[2010/03/07 12:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Vso
[2009/07/11 23:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Windows Desktop Search
[2009/07/12 01:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Windows Search
[2010/04/16 18:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruby\Application Data\FUJIFILM
[2010/04/05 15:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruby\Application Data\LG Electronics
[2010/02/15 22:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruby\Application Data\Windows Desktop Search
[2010/04/05 16:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruby\Application Data\Windows Search
[2010/03/26 11:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\FUJIFILM
[2009/07/13 20:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Windows Desktop Search
[2010/03/03 10:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Windows Live Writer
[2009/08/12 13:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Windows Search
[2010/04/16 22:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tabby\Application Data\Ares Galaxy Professional
[2009/12/08 09:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tabby\Application Data\FUJIFILM
[2009/06/01 17:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tabby\Application Data\MSNInstaller
[2009/07/12 14:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tabby\Application Data\Windows Desktop Search
[2009/07/13 14:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tabby\Application Data\Windows Search
[2010/04/17 22:54:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{35F0AD50-B1A3-4429-AA14-3B4697010D70}.job
[2010/04/17 22:54:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FDA3C114-5C89-42C5-B4E5-5B64EDE52919}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010/01/24 20:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/17 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/21 11:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/03/07 22:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/05/14 12:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/11/18 18:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Creative
[2009/11/04 21:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/04/13 22:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/04/11 12:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/16 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/11/18 13:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/24 12:29:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/04/14 08:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/04/28 19:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/04/17 22:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/05/08 09:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/23 13:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/09 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/03/31 00:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2009/06/19 15:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/09 00:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/28 20:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11161\AcrobatUpdater.exe
[2010/03/24 19:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11161\AdobeARM.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11161\ReaderUpdater.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11556\AcrobatUpdater.exe
[2010/03/24 19:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11556\AdobeARM.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11556\ReaderUpdater.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11905\AcrobatUpdater.exe
[2010/03/24 19:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11905\AdobeARM.exe
[2010/03/24 19:17:47 | 000,326,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11905\ReaderUpdater.exe
[2006/04/18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
[2009/11/04 05:57:06 | 000,206,792 | ---- | M] (LG Electronics) -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
 
< %APPDATA%\*. >
[2010/02/17 21:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Adobe
[2009/06/27 12:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\AdobeUM
[2009/09/19 18:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Apple Computer
[2010/04/16 22:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Ares Galaxy Professional
[2009/05/14 12:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\AVS4YOU
[2009/05/11 01:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Creative
[2010/03/19 20:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\dvdcss
[2009/05/06 22:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\FUJIFILM
[2009/06/25 18:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Google
[2010/04/10 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Help
[2009/04/27 22:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Identities
[2010/02/18 14:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\InstallShield
[2010/01/16 16:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\LG Electronics
[2009/05/06 21:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Macromedia
[2009/11/18 13:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Malwarebytes
[2010/04/11 12:29:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\pc\Application Data\Microsoft
[2009/04/28 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Nero
[2009/07/29 14:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\OfficeUpdate12
[2010/04/17 22:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\OnlineArmor
[2010/04/02 11:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Publish Providers
[2009/07/17 20:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Red Kawa
[2009/07/17 23:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Regensoft
[2010/04/02 11:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Sony
[2009/05/10 14:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Sun
[2010/04/09 10:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\SUPERAntiSpyware.com
[2009/12/01 23:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\U3
[2010/04/11 02:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Uniblue
[2010/04/15 00:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\vlc
[2010/03/07 12:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Vso
[2009/07/11 23:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Windows Desktop Search
[2009/07/12 01:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pc\Application Data\Windows Search
 
< %APPDATA%\*.exe /s >
[2010/03/07 12:07:27 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\inst.exe
[2010/04/11 12:29:21 | 000,003,584 | R--- | M] () -- C:\Documents and Settings\pc\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
[2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\U3\00001541CB62558A\cleanup.exe
[2008/05/02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\pc\Application Data\U3\00001541CB62558A\Launchpad Removal.exe
[2008/05/04 17:02:26 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\U3\00001541CB62558A\LaunchPad.exe
[2007/10/23 10:44:48 | 000,054,584 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\U3\00001541CB62558A\U3AccessGrant.exe
[2007/10/23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\pc\Application Data\U3\temp\cleanup.exe
[2008/05/02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\pc\Application Data\U3\temp\Launchpad Removal.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\332eb6f34a89925b92817fd9\i386\sp3.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | R--- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\332eb6f34a89925b92817fd9\i386\sp3.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | R--- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2006/09/21 15:39:16 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=DC1F9954B5EDDD147AF7E5C420BE7B93 -- C:\WINDOWS\system32\drivers\nvata.sys
 
< MD5 for: SCECLI.DLL  >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav  >
[2009/04/27 22:25:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/27 22:25:13 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/27 22:25:13 | 000,942,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

Offline markpsych

  • Bronze Member
  • Posts: 142
Re: [In Progress] Can't Remove Infospace / Kiwee Toolbar
« Reply #154 on: April 17, 2010, 04:17:16 PM »
OTL Extras logfile created on: 17/04/2010 22:53:36 - Run 4
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Documents and Settings\pc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 128.90 Gb Free Space | 66.00% Space Free | Partition Type: NTFS
Drive D: | 95.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 102.77 Gb Total Space | 102.71 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-CBB4F2FF4D55
Current User Name: pc
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8287E5A6-A0D1-4074-B149-F6157EE0DEEB}" = NEC DISPLAY SOLUTIONS NaViSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{964A0E79-160F-4F5F-97D0-9C03CFA434FA}" = Syrius Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adjustment Pattern software utility" = Adjustment Pattern software utility
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudioCS" = Creative Audio Control Panel
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CardRecovery" = CardRecovery
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Volume Panel" = Volume Panel
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.0
"InstallShield_{8287E5A6-A0D1-4074-B149-F6157EE0DEEB}" = NEC DISPLAY SOLUTIONS NaViSet
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"OnlineArmor_is1" = Online Armor 4.0
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PRJPRO" = Microsoft Office Project Professional 2007
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"Videora iPod nano Converter" = Videora iPod nano Converter 4.08
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.1
"WaveStudio 7" = Creative WaveStudio 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [In Progress] Can't Remove Infospace / Kiwee Toolbar
« Reply #155 on: April 17, 2010, 05:27:24 PM »
Hi Mark,

I think we've gone as far as we can with this one and I'm advising that you re-format and re-install Windows. I know you have no installation CD; can you get one the same as your system, XP Home Edition? You can extract the license key from your system with the Magic Jelly Bean; it's an application, Google for it. I'm not 100% sure your system is clean; you never can be when you've had a rootkit infection. Parts of your registry are corrupt; this may be down to infections, I'm not sure.
The following program will remove all of the tools we have used, and itself, anything left just delete.
  • Download OTC by OldTimer and save it to your Desktop.
  • Double click icon to start the program.
    If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted. It will also remove the OTC application.

If you only use the PC for non-sensitive stuff, no banking etc., you may try it for a while and see how it goes. Monitor the Online Armor Firewall logs, especially outbound. Personally I'd re-format and re-install.

Cheers,

Kevin



Offline markpsych

  • Bronze Member
  • Posts: 142
Re: [In Progress] Can't Remove Infospace / Kiwee Toolbar
« Reply #156 on: April 18, 2010, 02:35:15 AM »
No problem Kevin,

Your efforts have been much appreciated, and it's been a fascinating process which has taught me a lot.

I'll follow your advice and ensure I reinstall. Should it be okay then, or would it be worth bumping the thread at that point to revisit any of the checks?

Offline markpsych

  • Bronze Member
  • Posts: 142
Re: [In Progress] Can't Remove Infospace / Kiwee Toolbar
« Reply #157 on: April 18, 2010, 02:59:42 AM »
Also, can you recommend something other than Online Armor, as it seems to be incompatible with something on my PC? After a few minutes, the wireless signal drops, and then everything hangs. Working fine after uninstalling.

And are there any other tools I should use on a regular basis, e.g., a reg cleaner?
« Last Edit: April 18, 2010, 03:06:08 AM by markpsych »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [In Progress] Can't Remove Infospace / Kiwee Toolbar
« Reply #158 on: April 18, 2010, 07:03:50 AM »
Hi mark,

Yes, re-formatting your HD and re-installing Windows will be the safest option; instructions available HERE. Regarding a different firewall, it's all down to personal choice; it's a shame OA has conflicted because it is one of the best free firewalls available. Here are a couple of others you could try:
I don't like registry cleaners; they can and do damage registry components. Read this blog by Miekiemoes, Registry Cleaners. It explains it all.

I personally use ATF by Atribune; it's very good. Link and instructions follow:

I recommend ATF Cleaner.
Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again, or even re-formatting and re-installing.

Make proper use of your antivirus and firewall

Antivirus and firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times; NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.


Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox,
Opera, and
Chrome.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.


These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:
Green to go,
Yellow for caution, and
Red to stop. Available for Firefox and Internet Explorer.


NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.

These are just a couple of the most popular add-ons; if you're interested in more, take a look at THIS article.

Please read this excellent article by Tony Klein, "So how did I get infected in the first place". It reiterates some of the above advice and gives a lot of other top tips. Please ignore the reference to SP3 for XP; this is slightly outdated and will be amended soon. Also, any Vista users reading this, please add SP2 to the advice.

Please keep Malwarebytes for occasional scans; remember to always update first. Also keep ATF by Atribune to keep your system free of clutter. Keeping your hard drive defragmented will also go a long way to keeping your system at optimum performance. The free version of Auslogics Disk Defrag available HERE will do the job nicely; that site also has an excellent tutorial.

Stay safe and clean,

kevinf80