Results 1 to 10 of 88

Thread: PWS:win32/zbot.gen!AC after downloading Free File Opener

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Member
    Join Date
    Oct 2008
    Posts
    94

    Default PWS:win32/zbot.gen!AC after downloading Free File Opener

    Hello, at beginning March, I received a .docx which I cannot open as only have .doc, the microsoft website suggested I download Free File Opener. Soon after (minutes?) my firewall picked up malware and removed/blocked. Later, a microsoft program told me I had PWS:win32/zbot.gen!AC

    Cannot run DDS, as takes ages and then computer crashes. Could be cos my computer already has something strange going on, because I can not account for about 15gig on the hard drive and it is almost full (32gig)

    I have run Ccleaner, HJT, downloaded spybot and tried to run it (found 2 hotkeys) but computer crashed just before end of it, so will try again, have run malwarebit anti-malware, ERUNT, and downloaded Microsoft Security Essentials and am going to run that when spybot finishes.



    Do I need to do anything else: I would be very grateful if you could advise.

    thanks a lot

  2. #2
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello ecosarah and

    My name is JonTom

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.


    Please let me know what operating system you are running (XP, Win7, Vista, 32 or 64 bit).

    Download the following tool and try to run it:


    1. aswMBR


      • Download aswMBR.exe to your desktop.
      • Double click the aswMBR.exe to run it.
      • When asked if you want to download Avast's virus definitions please select Yes.
      • Click the "Scan" button to start scan.




      • On completion of the scan click save log, save it to your desktop and post in your next reply.





      If it does not run from Normal Mode boot into Safe Mode and try it (and DDS) from there.

    2. Reboot Your System in Safe Mode


      • Restart your computer.
      • As soon as BIOS is loaded begin tapping the F8 key until the "Advanced Options" menu appears.
      • Use the arrow keys to select the Safe mode menu item.
      • Press Enter.



      Once in Safe Mode, give aswMBR and DDS another try. If they fail to complete their scans let me know.

      have run malwarebit
      Please post the most recent MBAM log for me to review (you can find it by opening MBAM and clicking on the logs tab).
    Proud Graduate of the WTT Classroom

  3. #3
    Member
    Join Date
    Oct 2008
    Posts
    94

    Smile

    Hello JonTom,

    I cannot tell you how happy I am to hear from you!!! So so happy!

    Please could you tell me how to set it up so I get an email when you reply? thanks.

    operating system is XP, dont know if 32 or 64 bit.

    MBAM log:

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3982

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    17/03/2012 10:08:17
    mbam-log-2012-03-17 (10-08-17).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 185758
    Time elapsed: 1 hour(s), 37 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    aswMBR (was set to "quick scan" I noticed) log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-23 22:35:52
    -----------------------------
    22:35:52.935 OS Version: Windows 5.1.2600 Service Pack 3
    22:35:52.935 Number of processors: 1 586 0xD08
    22:35:52.935 ComputerName: MAXIMILLION UserName: 1 Sarah
    22:36:16.559 Initialize success
    22:39:11.693 AVAST engine defs: 12032302
    22:39:41.113 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    22:39:41.113 Disk 0 Vendor: HTS541040G9AT00 MB2IA60A Size: 38154MB BusType: 3
    22:39:41.160 Disk 0 MBR read successfully
    22:39:41.160 Disk 0 MBR scan
    22:39:41.520 Disk 0 unknown MBR code
    22:39:41.520 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 34086 MB offset 63
    22:39:41.848 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 4067 MB offset 69809040
    22:39:42.910 Disk 0 scanning sectors +78140160
    22:39:43.598 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:41:48.718 Service scanning
    22:42:56.559 Service MpKsl6bbbadd1 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{679B0FC7-69F0-49F8-B47B-630253CE429D}\MpKsl6bbbadd1.sys **LOCKED** 32
    22:44:39.555 Modules scanning
    22:45:13.851 Disk 0 trace - called modules:
    22:45:13.866 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    22:45:13.866 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a52dab8]
    22:45:13.866 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\0000009b[0x8a5772a0]
    22:45:13.866 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a556940]
    22:45:14.960 AVAST engine scan C:\WINDOWS
    22:46:04.208 AVAST engine scan C:\WINDOWS\system32
    23:16:05.198 AVAST engine scan C:\WINDOWS\system32\drivers
    23:17:35.039 AVAST engine scan C:\Documents and Settings\1 Sarah
    23:39:03.803 AVAST engine scan C:\Documents and Settings\All Users
    23:44:43.326 Scan finished successfully
    23:49:34.805 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\1 Sarah\Desktop\MBR.dat"
    23:49:34.836 The log file has been saved successfully to "C:\Documents and Settings\1 Sarah\Desktop\aswMBR 23.3.12.txt"


    I will post this then re-start laptop in safe mode to try dds

    big thanks!! sarah

  4. #4
    Member
    Join Date
    Oct 2008
    Posts
    94

    Default

    cannot run in safe mode or safe mode with networking: gets stuck as list of pathways (?) comes up...

    think have found out how to subscribe to thread, so dont worry about answering that question.

    thanks, look forward to hearing from you,

    sarah

  5. #5
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello ecosarah

    Thank you for the aswMBR log.

    Lets see if we can get the following scan to run:

    1. Download and run OTL by Oldtimer


      • Please download OTL by Oldtimer by clicking here and save the file (called OTL.com) to your desktop.
      • Close all open windows on your computer then Double click on the OTL.com icon to run the program.
      • Check the boxes beside "LOP Check" and "Purity Check".
      • Under Custom Scan paste this in:



      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      CREATERESTOREPOINT


      • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.


      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      • Note: These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.


      If OTL is able to run please post both logs in your next reply.

      If the machine crashes (as it did with DDS) please scan with HJT and post the log for me to review.

    Proud Graduate of the WTT Classroom

  6. #6
    Member
    Join Date
    Oct 2008
    Posts
    94

    Default

    It was touch and go but we got there:

    OTL logfile created on: 24/03/2012 17:36:52 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\1 Sarah\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.49 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 65.37% Memory free
    2.83 Gb Paging File | 2.31 Gb Available in Paging File | 81.64% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.29 Gb Total Space | 1.09 Gb Free Space | 3.27% Space Free | Partition Type: NTFS

    Computer Name: MAXIMILLION | User Name: 1 Sarah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/24 17:34:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1 Sarah\Desktop\OTL.com
    PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2011/11/03 14:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2011/11/03 14:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011/07/01 19:10:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/04/30 08:52:26 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/12/24 12:02:23 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/03/18 10:07:00 | 000,086,016 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    PRC - [2005/03/18 10:07:00 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
    PRC - [2005/03/04 00:10:32 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    PRC - [2004/12/16 11:49:44 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    PRC - [2004/11/04 16:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
    PRC - [2004/09/06 23:03:52 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    PRC - [2003/07/12 01:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
    PRC - [2002/01/10 22:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    MOD - [2010/01/28 11:57:58 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2005/03/19 06:10:38 | 000,028,672 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
    MOD - [2005/03/04 00:10:32 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    MOD - [2005/01/21 08:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
    MOD - [2005/01/21 08:00:00 | 000,032,768 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
    MOD - [2004/12/16 11:49:44 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    MOD - [2004/12/16 10:41:58 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\pwdmon.dll
    MOD - [2004/11/24 09:10:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\EZMAPRES.DLL
    MOD - [2004/09/06 23:03:52 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    MOD - [2004/08/17 19:28:12 | 000,225,280 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll
    MOD - [2004/08/13 03:11:26 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
    MOD - [2003/07/12 01:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
    MOD - [2003/07/04 06:49:30 | 000,024,576 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
    SRV - [2011/11/03 14:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
    SRV - [2011/08/12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2011/07/01 19:10:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2011/04/30 08:52:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/04/02 15:52:56 | 000,543,744 | ---- | M] (OptionNV) [Disabled | Stopped] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
    SRV - [2008/08/29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
    SRV - [2005/03/18 10:07:00 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
    SRV - [2004/12/16 11:49:44 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
    SRV - [2004/11/04 16:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
    SRV - [2004/10/01 22:06:34 | 000,163,840 | ---- | M] (Broadcom Corporation) [On_Demand | Stopped] -- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2003/07/12 01:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\ZoneLabs\srescan.sys -- (srescan)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LVCD.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\glauiad.sys -- (iadusb)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
    DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
    DRV - [2011/12/18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
    DRV - [2011/11/03 14:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV - [2011/07/01 19:10:25 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/07/01 19:10:25 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
    DRV - [2009/12/24 20:57:13 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009/12/24 20:57:13 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
    DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
    DRV - [2009/05/11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/10/21 08:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
    DRV - [2008/10/21 08:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
    DRV - [2008/10/21 08:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
    DRV - [2008/10/21 08:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
    DRV - [2008/10/21 08:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
    DRV - [2008/10/21 08:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
    DRV - [2008/10/21 08:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
    DRV - [2008/04/13 18:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/02/18 16:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
    DRV - [2008/02/08 12:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
    DRV - [2008/02/01 15:43:22 | 000,103,720 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt2.sys -- (camfilt2)
    DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
    DRV - [2007/12/10 13:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
    DRV - [2007/12/10 13:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
    DRV - [2007/12/10 13:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
    DRV - [2007/12/10 13:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
    DRV - [2007/12/10 13:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
    DRV - [2007/12/10 13:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
    DRV - [2007/12/10 13:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
    DRV - [2007/07/13 09:45:08 | 000,285,952 | ---- | M] (Akkord Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HDvidv.sys -- (APL531)
    DRV - [2007/06/14 17:34:00 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
    DRV - [2007/05/21 07:29:26 | 000,235,648 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
    DRV - [2007/04/23 15:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/23 15:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
    DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
    DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
    DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
    DRV - [2007/04/03 13:57:54 | 000,099,080 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
    DRV - [2007/04/03 13:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
    DRV - [2007/04/03 13:57:52 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
    DRV - [2007/04/03 13:57:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/03 13:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
    DRV - [2007/04/03 13:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
    DRV - [2007/04/03 13:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
    DRV - [2007/03/30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
    DRV - [2005/08/15 19:25:50 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2005/03/18 10:07:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
    DRV - [2005/03/18 10:07:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/03/18 10:07:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
    DRV - [2005/02/14 15:00:10 | 003,255,168 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2005/02/11 09:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
    DRV - [2005/02/11 09:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
    DRV - [2005/01/21 08:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2005/01/21 08:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2005/01/21 08:00:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2004/12/16 11:12:20 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2004/12/07 00:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/12/02 23:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
    DRV - [2004/12/02 22:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
    DRV - [2004/12/01 09:33:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2004/11/10 23:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/11/10 23:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/11/10 23:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/10/15 17:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2004/10/01 21:51:46 | 000,017,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2004/10/01 21:48:30 | 001,241,482 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2004/10/01 21:47:06 | 000,147,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2004/10/01 21:44:22 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2004/10/01 21:43:44 | 000,054,488 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2004/08/04 12:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2004/08/04 12:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2004/05/19 20:41:26 | 000,013,757 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
    DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
    DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
    DRV - [2002/02/19 12:06:28 | 000,021,019 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\u2s2kxp.sys -- (U2SP) USB to Serial Converter Driver(Philips)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.saynoto0870.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {78F909E2-E4DC-4AF1-8FD7-B411278EEC6D}
    IE - HKCU\..\SearchScopes\{04E563C9-734C-41AE-A368-E84AB98DF7A7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE0006
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{78F909E2-E4DC-4AF1-8FD7-B411278EEC6D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live UK Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2516768&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.saynoto0870.com/numbersearch.php"
    FF - prefs.js..extensions.enabledItems: {53c4d698-0a74-873e-7946-7d19bb035667}:2.6
    FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
    FF - prefs.js..extensions.enabledItems: feedbar@efinke.com:5.0
    FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.0.3.0
    FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.2.1
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
    FF - prefs.js..extensions.enabledItems: reliby@gemal.dk:1.5.0
    FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:4.1
    FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
    FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
    FF - prefs.js..extensions.enabledItems: firefox-extension@shareaholic.com:2.2.0
    FF - prefs.js..extensions.enabledItems: {BEDED222-EAEC-11DA-9B41-B622A1EF5492}:1.0.12
    FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
    FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
    FF - prefs.js..extensions.enabledItems: taboo@runningfrombears.com:0.6.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
    FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/01 19:48:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/17 22:42:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 14:18:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 15:17:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/01/11 12:59:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/12 15:17:14 | 000,000,000 | ---D | M]

    [2008/07/01 19:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Extensions
    [2012/03/23 22:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\extensions
    [2011/12/09 10:41:53 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    [2010/12/23 22:31:05 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2011/11/07 17:47:35 | 000,000,000 | ---D | M] ("MemberPlugin") -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\extensions\MemberPlugin@edward.hibbert
    [2010/02/09 20:50:18 | 000,000,000 | ---D | M] (Reliby) -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\extensions\reliby@gemal.dk
    [2009/07/22 10:32:24 | 000,000,000 | ---D | M] (Save Session) -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\extensions\savesession@noasobi.net
    [2012/03/03 05:46:54 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\extensions\zotero@chnm.gmu.edu
    [2011/09/25 18:28:32 | 000,002,220 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\searchplugins\amabay-uk.xml
    [2012/03/16 22:22:21 | 000,002,570 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\searchplugins\amazon-decouk.xml
    [2010/02/06 22:17:22 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\searchplugins\conduit.xml
    [2011/09/25 18:29:34 | 000,011,430 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\searchplugins\ebaycouk-search.xml
    [2008/06/25 12:48:35 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\searchplugins\wikipedia-en.xml
    [2011/07/09 20:01:05 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Application Data\Mozilla\Firefox\Profiles\wyor7n6s.default\searchplugins\youtube-ssl.xml
    [2012/01/10 14:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/03/02 20:33:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/01/10 14:18:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2008/04/11 17:38:19 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
    [2012/01/10 14:17:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/01/10 14:17:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google ()
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

    O1 HOSTS File: ([2008/11/05 22:12:18 | 000,286,531 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
    O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
    O1 - Hosts: 9901 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
    O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
    O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - Startup: C:\Documents and Settings\1 Sarah\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ll-142-win.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDC00D27-CAA4-4564-8568-4160324D1BAF}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
    O20 - AppInit_DLLs: (avgrsstx.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\IBM fingerprint software\psfus.dll) - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
    O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
    O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\1 Sarah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\1 Sarah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/10/06 06:35:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{27e883a2-1d58-11df-9d61-001125d3afa3}\Shell - "" = AutoRun
    O33 - MountPoints2\{27e883a2-1d58-11df-9d61-001125d3afa3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{27e883a2-1d58-11df-9d61-001125d3afa3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{b7cead68-1c05-11df-9d60-001125d3afa3}\Shell - "" = AutoRun
    O33 - MountPoints2\{b7cead68-1c05-11df-9d60-001125d3afa3}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b7cead68-1c05-11df-9d60-001125d3afa3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/24 17:34:21 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1 Sarah\Desktop\OTL.com
    [2012/03/23 22:35:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\1 Sarah\Desktop\aswMBR.exe
    [2012/03/18 02:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2012/03/17 22:44:56 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2012/03/17 22:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
    [2012/03/17 22:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/03/17 18:39:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\1 Sarah\Desktop\dds.scr
    [2012/03/17 18:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/03/17 18:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/03/17 18:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2012/03/17 08:58:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\1 Sarah\Recent
    [2012/03/17 08:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2012/03/03 06:25:19 | 006,600,192 | ---- | C] (Mirage Systems) -- C:\WINDOWS\System32\LicProtector310.exe
    [2012/03/03 06:25:19 | 002,323,520 | ---- | C] (gdpicture.com) -- C:\WINDOWS\System32\gdpicturepro5.ocx
    [2012/03/02 20:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2012/03/02 20:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/24 17:43:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2012/03/24 17:34:51 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1 Sarah\Desktop\OTL.com
    [2012/03/24 00:28:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/03/24 00:22:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/03/24 00:22:09 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/23 23:49:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Desktop\MBR.dat
    [2012/03/23 22:36:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\1 Sarah\Desktop\aswMBR.exe
    [2012/03/17 22:41:22 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/03/17 22:40:05 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/03/17 21:21:13 | 000,262,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/17 21:11:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/03/17 18:39:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\1 Sarah\Desktop\dds.scr
    [2012/03/17 18:34:46 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/03/17 18:34:11 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Desktop\ERUNT.lnk
    [2012/03/17 18:33:01 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\1 Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/03/17 09:01:40 | 000,582,406 | ---- | M] () -- C:\Documents and Settings\1 Sarah\My Documents\cc_backup changes 17.3.12.reg
    [2012/03/06 09:31:11 | 000,435,154 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/06 09:31:11 | 000,068,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/03/06 09:21:41 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/23 23:49:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\1 Sarah\Desktop\MBR.dat
    [2012/03/17 22:46:08 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/03/17 22:41:22 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2012/03/17 22:40:40 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/03/17 21:11:06 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/03/17 18:34:46 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\1 Sarah\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/03/17 18:34:11 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\1 Sarah\Desktop\ERUNT.lnk
    [2012/03/17 18:33:01 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\1 Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/03/17 09:00:57 | 000,582,406 | ---- | C] () -- C:\Documents and Settings\1 Sarah\My Documents\cc_backup changes 17.3.12.reg
    [2012/03/06 09:21:41 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2012/02/20 18:26:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/10/10 10:28:05 | 000,000,302 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
    [2011/09/24 20:22:09 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
    [2010/05/05 20:26:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/04/11 19:50:23 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini

    ========== LOP Check ==========

    [2012/01/25 16:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Amorh
    [2010/04/10 21:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\AVGTOOLBAR
    [2010/07/24 09:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\CheckPoint
    [2009/05/01 19:09:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/18 20:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Desktopicon
    [2012/01/18 18:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\HTC
    [2011/12/30 13:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2009/07/25 23:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\HTML Executable
    [2005/10/07 15:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\IBM
    [2005/10/30 10:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\InterVideo
    [2008/04/03 19:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\iolo
    [2009/05/22 07:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\MSNInstaller
    [2010/01/19 19:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\MyPhoneExplorer
    [2007/05/14 10:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Nikon
    [2009/05/31 17:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Nokia Multimedia Player
    [2007/04/12 14:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\OpenOffice.org1.9.79
    [2011/12/30 13:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Outlook
    [2012/03/03 07:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Suyguvl
    [2010/02/19 12:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Tatara Systems
    [2011/06/14 08:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\TeamViewer
    [2009/12/31 13:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Teleca
    [2012/01/11 12:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Thunderbird
    [2011/05/09 20:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\Uniblue
    [2009/05/29 14:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\uTorrent
    [2008/11/01 20:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1 Sarah\Application Data\WinPatrol
    [2010/09/23 11:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2012/01/11 11:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
    [2005/10/11 11:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
    [2008/04/03 19:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2008/02/18 09:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2010/02/19 12:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
    [2011/03/04 18:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
    [2005/11/26 11:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
    [2009/12/28 11:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2010/01/19 19:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/03/17 08:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2011/10/24 11:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/03/24 00:28:09 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2012/03/24 17:43:13 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >
    [2008/09/29 13:07:31 | 000,000,184 | ---- | M] () -- C:\setuplog.exe

    < MD5 for: AGP440.SYS >
    [2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
    [2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/10/14 13:06:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/10/14 13:06:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 06:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
    [2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/10/14 13:06:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/10/14 13:06:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/09 17:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/09 17:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/09 17:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/01/09 16:20:25 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0

    < End of report >

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •