HJT log (Resolved)

None of them work.

For Malwarebytes, a command-type box appears for a split second, then goes.

For RSIT and ComboFix, I get a message saying 'Open File - Security Warning', with the options Run or Cancel. When I click Run, I get the command-type box, then nothing.

I have had a quick look on the net about the 'antivirus' program and found this. Should I try that?
 
Please do.

Not working. I have downloaded the Task Manager fix, but there is no task in Applications (other than the Internet Explorer I have open). There are 26 processes running, 8 of which are svchost.exe.

I still can't open any programs, and I can only get Internet Explorer to work by opening a folder and typing a website into the address bar.

So far, I've had no popups or anything for the Windows AntiVirus Pro (always the same when you want it to appear!).
 
Forgot to say, there is an svchast.exe in the list too, which is mentioned on the removal guide. I have ended that, but I still can't run any programs.
 
We need some updated info. Please try the following programs until one works and produces a log.



Download OTListIt:

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, under Output at the top, change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • Post both logs individually please.

----------------------------------------------------------------------------------------

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt

----------------------------------------------------------------------------------------

OTScanIt

  1. Please download OTS.exe by OldTimer and save it to your desktop.
  2. Double click on OTS.exe to run it.
  3. Put a checkmark in the Include 64Bit Scans box
  4. Under the Additional Scans section, put a check mark next to Reg - Uninstall List (you will need to scroll down).
  5. Click on the Run Scan button at the top left hand corner.
  6. OTS will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

----------------------------------------------------------------------------------------

Please download the Win32kDiag.exe tool from the following location and save it to your desktop:

http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe

Once downloaded, double-click on the program and let it finish. When it states 'Finished! Press any key to exit...', you can press any key on your keyboard to close the program. On your desktop there should now be a file called Win32kDiag.txt.

Double-click on this file and post the contents as a reply to this topic.
 
Can't do anything.

I can download them, but when I try to run any of them, a command-type box appears for a split second and that's it. I've tried in Safe Mode, and it's still the same.

So far, I have been unable to open any programs by double-clicking the icon, but I can open a program by opening a document, i.e. I cannot open Excel, but if I open a .xls file, then Excel opens. Same with Firefox: if I open an HTML file already on the PC, then it opens.
 
Please try this ....



Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote into Notepad.
Save it as "All Files" and name it look.bat. Please save it on your desktop.

@echo off
REM Remove leftovers from an earlier run
if exist C:\look*.txt del /q C:\look*.txt
if exist C:\results.txt del /q C:\results.txt
REM Export the usual autostart keys with regedit /e; everything here is
REM launched from the batch file, so nothing needs a working double-click
regedit /e C:\look1.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
regedit /e C:\look2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
regedit /e C:\look3.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
regedit /e C:\look4.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler"
regedit /e C:\look5.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
REM Join the five exports into one file and open it
type C:\look*.txt >> C:\results.txt
start notepad C:\results.txt
REM Clean up the exports and this batch file itself
del /q C:\look*.txt
del /q %0
exit
Double-click on look.bat.
Please be patient, as this will search the entire disc

Notepad will open, please copy/paste the results here.
 
Done that, results below.

Notepad opened very quickly, less than 2 seconds? Should it have taken longer? (Just with you saying be patient.)



Results:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\\Program Files\\Unlocker\\UnlockerAssistant.exe -H"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\""
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"BullGuard"="\"C:\\Program Files\\BullGuard Ltd\\BullGuard\\bullguard.exe\" -boot"
"PAC7302_Monitor"="C:\\WINDOWS\\PixArt\\PAC7302\\Monitor.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"DU Meter"="C:\\Program Files\\DU Meter\\DUMeter.exe"
"BullGuard"="\"C:\\Program Files\\BullGuard Ltd\\BullGuard\\bullguard.exe\""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
 
That's fine,

Please try the following now.


Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote into Notepad.
Save it as "All Files" and name it runmbam.bat. Please save it on your desktop.

@Echo off
REM Copy mbam.exe under a name the malware is not watching for, then run the
REM copy from this batch file rather than by double-clicking it
if exist "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" copy "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" "C:\Program Files\Malwarebytes' Anti-Malware\CleanMe.exe"
"C:\Program Files\Malwarebytes' Anti-Malware\CleanMe.exe"
REM Delete this batch file once the scanner has exited
Del /q %0
Double-click on runmbam.bat.
This will create a copy of the Malwarebytes file and then (hopefully) run it.
 
That has worked and allowed Malwarebytes to run. Scan done and problems fixed. After restart, I can now open programs.

Log from Malwarebytes:

Malwarebytes' Anti-Malware 1.40
Database version: 2707
Windows 5.1.2600 Service Pack 3

29/08/2009 13:00:18
mbam-log-2009-08-29 (13-00-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 271926
Time elapsed: 17 minute(s), 23 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 41

Memory Processes Infected:
C:\WINDOWS\svchast.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Delete on reboot.
C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirusPro) -> Delete on reboot.
C:\Program Files\Windows AntiVirus Pro\tmp\images (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\svchast.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dddesot.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe (Rogue.WindowsAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows Antivirus Pro\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\wispex.html (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\pix.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w11.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\desot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
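As an added example (my own code, not from this thread, Malwarebytes or OldTimer's tools), here is a Python script that parses the "Windows Registry Editor Version 5.00" text that look.bat above exports and flags the two hijacks the Malwarebytes log reports: the exefile open command routed through C:\WINDOWS\system32\desot.exe, and the %fystemroot% ImagePath on wuauserv/BITS, which never resolves and so leaves those services unable to start. It also flags a non-zero DisableRegistryTools policy, the last key look.bat exported. The sample export is constructed from values on this page; the function names and the list of accepted environment variables are my choices.

```python
"""Triage a regedit /e export for the hijacks seen in this thread (added example)."""
import re

# Constructed sample in regedit /e format. The desot.exe command and the
# %fystemroot% ImagePath are the values Malwarebytes reported; the rest is clean.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\system32\\desot.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"ImagePath"="%fystemroot%\\system32\\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"ImagePath"="%SystemRoot%\\System32\\svchost.exe -k netsvcs"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
'''

STOCK_EXEFILE_CMD = '"%1" %*'          # what HKCR\exefile\shell\open\command should be
ENV_VARS_OK = {"systemroot", "windir", "systemdrive", "programfiles", "commonprogramfiles"}
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')   # "name"=data  or  @=data
SERVICE_KEY_RE = re.compile(
    r"hkey_local_machine\\system\\(currentcontrolset|controlset\d{3})\\services\\[^\\]+")


def load_reg_file(path):
    """regedit /e writes UTF-16LE with a BOM; use this for a real export file."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r'\\(["\\])', r'\1', s)


def _decode(data):
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return _unescape(data[1:-1])
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    return data  # hex:, hex(2):, "-" (deleted value) etc. are kept as the raw token


def parse_reg_export(text):
    """Return {key path: {value name (lower-cased, '' = default value): data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(2)).lower()
            keys[current][name] = _decode(m.group(3))
    return keys


def find_hijacks(keys):
    """Return [(key path, reason, data)] for each entry matching the thread's hijacks."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        if low == r"hkey_classes_root\exefile\shell\open\command":
            cmd = values.get("", "")
            if cmd != STOCK_EXEFILE_CMD:
                findings.append((path, "exefile open command hijacked", cmd))
        elif SERVICE_KEY_RE.fullmatch(low):
            img = values.get("imagepath", "")
            # an ImagePath built on a variable Windows does not define never resolves,
            # so the service cannot start (the %fystemroot% trick on wuauserv/BITS)
            for var in re.findall(r"%([^%]+)%", img):
                if var.lower() not in ENV_VARS_OK:
                    findings.append((path, "ImagePath uses unknown variable %" + var + "%", img))
        elif low.endswith(r"\policies\system"):
            if values.get("disableregistrytools", 0):
                findings.append((path, "registry tools disabled by policy",
                                 values["disableregistrytools"]))
    return findings


if __name__ == "__main__":
    for path, reason, data in find_hijacks(parse_reg_export(SAMPLE_REG)):
        print(f"{reason}: [{path}] {data!r}")
```

Point it at a real file with find_hijacks(parse_reg_export(load_reg_file("C:\\results.txt"))). The parser keeps only the two value types the thread's exports use (strings and DWORDs); anything else is left as its raw token so it is visible but not interpreted.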
 
Please rename ComboFix to CleanMe and try running that now.

If it still gives problems, please run the following.

OTScanIt

  1. Please download OTS.exe by OldTimer and save it to your desktop.
  2. Double click on OTS.exe to run it.
  3. Under the Additional Scans section, put a check mark next to Reg - Uninstall List (you will need to scroll down).
  4. Click on the Run Scan button at the top left hand corner.
  5. OTS will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.
 
Can't run ComboFix, same blue screen.

OTS runs though. The results (it's too long to post, so the results will be in 2 posts):

Code:
OTS logfile created on: 29/08/2009 14:07:07 - Run 1
OTS by OldTimer - Version 3.0.10.3     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.58% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 179.03 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
bullguard.exe -> C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe -> [2009/08/23 10:38:26 | 00,304,464 | ---- | M] (BullGuard Ltd.)
bullguardupdate.exe -> C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -> [2009/04/06 11:33:00 | 00,300,368 | ---- | M] (BullGuard Ltd.)
dumeter.exe -> C:\Program Files\DU Meter\DUMeter.exe -> [2009/08/22 18:21:37 | 02,645,528 | ---- | M] (Hagel Technologies Ltd)
dumetersvc.exe -> C:\Program Files\DU Meter\DUMeterSvc.exe -> [2009/08/22 18:21:37 | 01,386,008 | ---- | M] (Hagel Technologies Ltd)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/07/03 10:38:24 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/07/31 00:39:42 | 00,908,280 | ---- | M] (Mozilla Corporation)
groovemonitor.exe -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe -> [2006/10/27 01:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/26 18:32:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
monitor.exe -> C:\WINDOWS\PixArt\PAC7302\Monitor.exe -> [2006/11/03 12:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> C:\WINDOWS\System32\nvsvc32.exe -> [2009/02/18 15:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/08/28 22:53:08 | 00,514,048 | ---- | M] (OldTimer Tools)
rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> [2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
reader_sl.exe -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2007/02/26 16:03:00 | 16,125,440 | ---- | M] (Realtek Semiconductor Corp.)
skype.exe -> C:\Program Files\Skype\Phone\Skype.exe -> [2008/08/12 19:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.)
skypepm.exe -> C:\Program Files\Skype\Plugin Manager\skypePM.exe -> [2008/08/12 19:19:02 | 00,076,744 | R--- | M] (Skype Technologies)
tomtomhomeservice.exe -> C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -> [2009/04/08 11:38:14 | 00,092,008 | ---- | M] (TomTom)
unlockerassistant.exe -> C:\Program Files\Unlocker\UnlockerAssistant.exe -> [2008/05/02 01:15:46 | 00,015,872 | ---- | M] ()
wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> [2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
wdfmgr.exe -> C:\WINDOWS\System32\wdfmgr.exe -> [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
winampa.exe -> C:\Program Files\Winamp\winampa.exe -> [2009/02/25 22:26:00 | 00,037,888 | ---- | M] ()
wmiprvse.exe -> C:\WINDOWS\System32\wbem\wmiprvse.exe -> [2008/04/14 11:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2005/09/23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation)
(bglivesvc) BullGuard LiveUpdate [Win32_Own | Auto | Running] -> C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -> [2009/04/06 11:33:00 | 00,300,368 | ---- | M] (BullGuard Ltd.)
(bgmainsvc) BullGuard Main Service [Win32_Shared | Auto | Running] -> C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -> [2009/08/23 10:38:26 | 00,079,184 | ---- | M] (BullGuard Ltd.)
(bgrasvc) bgrasvc [Win32_Own | On_Demand | Stopped] -> C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe -> [2009/06/01 12:50:34 | 00,079,184 | ---- | M] (BullGuard Ltd.)
(bsfilescan) BullGuard File Scan Service [Win32_Shared | Auto | Running] -> C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -> [2009/04/06 11:32:54 | 00,132,432 | ---- | M] (BullGuard Ltd.)
(bsfire) BullGuard Firewall Service [Win32_Shared | Auto | Running] -> C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -> [2009/04/06 11:32:56 | 00,333,136 | ---- | M] (BullGuard Ltd.)
(bsmailproxy) BullGuard Email Monitoring Service [Win32_Shared | Auto | Stopped] -> C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy.dll -> [2009/04/16 13:20:18 | 00,087,376 | ---- | M] (BullGuard Ltd.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2005/09/23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation)
(DUMeterSvc) DU Meter Service [Win32_Own | Auto | Running] -> C:\Program Files\DU Meter\DUMeterSvc.exe -> [2009/08/22 18:21:37 | 01,386,008 | ---- | M] (Hagel Technologies Ltd)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 11:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/05/26 18:32:10 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -> [2006/10/27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\nvsvc32.exe -> [2009/02/18 15:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -> [2007/04/22 21:29:34 | 00,088,824 | ---- | M] (Sonic Solutions)
(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -> [2007/04/22 21:29:32 | 00,359,160 | ---- | M] (Sonic Solutions)
(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> [2007/04/23 12:43:54 | 00,310,008 | ---- | M] (Sonic Solutions)
(RoxMediaDB9) RoxMediaDB9 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2007/04/23 12:43:46 | 01,010,424 | ---- | M] (Sonic Solutions)
(RoxWatch9) Roxio Hard Drive Watcher 9 [Win32_Own | Auto | Stopped] -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -> [2007/04/23 12:43:54 | 00,166,648 | ---- | M] (Sonic Solutions)
(TomTomHOMEService) TomTomHOMEService [Win32_Own | Auto | Running] -> C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -> [2009/04/08 11:38:14 | 00,092,008 | ---- | M] (TomTom)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\wdfmgr.exe -> [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(57852f5b) 57852f5b [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\57852f5b.sys -> [2009/08/27 19:53:30 | 00,000,000 | ---- | M] ()
(afw) Agnitum firewall driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\afw.sys -> [2009/03/23 13:07:16 | 00,031,128 | R--- | M] (Agnitum Ltd.)
(afwcore) afwcore [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\afwcore.sys -> [2009/03/23 13:07:16 | 00,257,304 | ---- | M] (Agnitum Ltd.)
(Aspi32) Aspi32 [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\aspi32.sys -> [2006/02/25 15:13:06 | 00,016,877 | ---- | M] (Adaptec)
(bdfilespy) BullGuard File Monitor Driver [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\BdFileSpy.sys -> [2009/01/23 14:48:56 | 00,055,504 | ---- | M] (BullGuard Ltd.)
(DgiVecp) DgiVecp [Kernel | Auto | Running] -> C:\WINDOWS\System32\Drivers\DgiVecp.sys -> [2007/02/24 00:18:34 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.)
(giveio) giveio [Kernel | Boot | Running] -> C:\WINDOWS\system32\giveio.sys -> [1996/04/03 20:33:26 | 00,005,248 | ---- | M] ()
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/14 11:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\RtkHDAud.sys -> [2007/03/01 18:27:00 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -> [2009/02/18 15:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce 10/100 Mbps Ethernet  [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -> [2008/12/30 12:29:33 | 00,054,784 | ---- | M] (NVIDIA Corporation)
(nvgts) nvgts [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\nvgts.sys -> [2008/12/30 12:14:40 | 00,145,952 | ---- | M] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -> [2008/12/30 12:29:33 | 00,022,016 | ---- | M] (NVIDIA Corporation)
(PAC7302) PAC7302 VGA USB Camera [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\PAC7302.SYS -> [2007/06/14 16:29:08 | 00,457,856 | ---- | M] (PixArt Imaging Inc.)
(Pnp680r) Silicon Image SiI 0680 Medley Raid Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\pnp680r.sys -> [2002/05/31 17:35:02 | 00,076,976 | ---- | M] (Silicon Image, Inc)
(profos) profos [Kernel | On_Demand | Stopped] -> C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -> [2009/08/23 10:38:27 | 00,014,720 | ---- | M] (BitDefender S.R.L.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2008/04/14 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2008/08/20 18:58:58 | 00,044,944 | ---- | M] (Sonic Solutions)
(RimUsb) BlackBerry Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\RimUsb.sys -> [2006/11/07 20:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited)
(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\RimSerial.sys -> [2007/01/18 11:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\RootMdm.sys -> [2008/04/14 11:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2008/04/14 11:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(speedfan) speedfan [Kernel | Boot | Running] -> C:\WINDOWS\system32\speedfan.sys -> [2006/09/24 14:28:46 | 00,005,248 | ---- | M] (Windows (R) 2000 DDK provider)
(SysProtDrv.sys) SysProtDrv.sys [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\Administrator\Desktop\temp downloaded stuff\SysProt\SysProt\SysProtDrv.sys -> [2009/08/28 18:32:21 | 00,044,288 | ---- | M] ()
(trufos) trufos [Kernel | On_Demand | Stopped] -> C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys -> [2009/08/23 10:38:27 | 00,039,808 | ---- | M] (BitDefender S.R.L.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\usbaudio.sys -> [2008/04/14 01:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation)
(wceusbsh) Windows CE USB Serial Host Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -> [2006/11/06 19:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\"provider" ->  -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\b1seu9e4.default\prefs.js -> 
browser.search.selectedEngine -> "Answers.com" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {FDE180A3-C4F5-4D5A-B889-16C2669E1E61}:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/05/26 18:32:10 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61} -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61} [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61}] -> [2009/08/22 18:49:56 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX -> 
HKLM\software\mozilla\mozilla firefox 3.5.2\extensions ->  -> 
HKLM\software\mozilla\mozilla firefox 3.5.2\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
HKLM\software\mozilla\mozilla firefox 3.5.2\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions -> [2009/03/07 18:01:40 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/03/07 18:01:40 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\home2@tomtom.com -> [2009/03/07 18:01:40 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\b1seu9e4.default\extensions -> [2009/08/24 21:45:23 | 00,101,571 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/07/31 00:39:42 | 10,728,440 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/07/31 00:39:42 | 10,728,440 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/07/31 00:39:42 | 10,728,440 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/07/31 00:39:43 | 00,023,544 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/07/31 00:39:43 | 00,137,208 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/05/26 18:32:10 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/07/31 00:39:43 | 00,065,016 | ---- | M] (mozilla.org)
NPOFF12.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/08/24 21:45:18 | 00,000,000 | ---D | M]
amazon-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazon-en-GB.xml -> [2009/07/30 23:24:36 | 00,001,538 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/07/31 00:39:40 | 00,002,193 | ---- | M] ()
chambers-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\chambers-en-GB.xml -> [2009/07/30 23:24:36 | 00,000,947 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/07/31 00:39:40 | 00,001,534 | ---- | M] ()
eBay-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay-en-GB.xml -> [2009/07/30 23:24:36 | 00,000,769 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/07/31 00:39:40 | 00,002,371 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/07/31 00:39:40 | 00,001,178 | ---- | M] ()
yahoo-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-en-GB.xml -> [2009/07/30 23:24:36 | 00,000,831 | ---- | M] ()
Hosts file not found -> -> 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask.com Toolbar] -> [2009/04/02 19:50:28 | 00,809,864 | ---- | M] (Ask.com)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask.com Toolbar] -> [2009/04/02 19:50:28 | 00,809,864 | ---- | M] (Ask.com)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> C:\WINDOWS\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 19:43:00 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"avast!" -> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> File not found
"AVG8_TRAY" -> C:\PROGRA~1\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> File not found
"BullGuard" -> C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe ["C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot] -> [2009/08/23 10:38:26 | 00,304,464 | ---- | M] (BullGuard Ltd.)
"GrooveMonitor" -> C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2006/10/27 01:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2009/02/18 15:44:00 | 13,680,640 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2009/02/18 15:44:00 | 00,086,016 | ---- | M] (NVIDIA Corporation)
"PAC7302_Monitor" -> C:\WINDOWS\PixArt\PAC7302\Monitor.exe [C:\WINDOWS\PixArt\PAC7302\Monitor.exe] -> [2006/11/03 12:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation)
"RoxWatchTray" -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> [2007/04/23 12:43:50 | 00,228,088 | ---- | M] (Sonic Solutions)
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/02/26 16:03:00 | 16,125,440 | ---- | M] (Realtek Semiconductor Corp.)
"SkyTel" -> C:\WINDOWS\SkyTel.exe [SkyTel.EXE] -> [2006/05/16 19:04:00 | 02,879,488 | ---- | M] (Realtek Semiconductor Corp.)
"UnlockerAssistant" -> C:\Program Files\Unlocker\UnlockerAssistant.exe [C:\Program Files\Unlocker\UnlockerAssistant.exe -H] -> [2008/05/02 01:15:46 | 00,015,872 | ---- | M] ()
"WinampAgent" -> C:\Program Files\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> [2009/02/25 22:26:00 | 00,037,888 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"BullGuard" -> C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe ["C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"] -> [2009/08/23 10:38:26 | 00,304,464 | ---- | M] (BullGuard Ltd.)
"DU Meter" -> C:\Program Files\DU Meter\DUMeter.exe [C:\Program Files\DU Meter\DUMeter.exe] -> [2009/08/22 18:21:37 | 02,645,528 | ---- | M] (Hagel Technologies Ltd)
"H/PC Connection Agent" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe ["C:\Program Files\Microsoft ActiveSync\wcescomm.exe"] -> [2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
"msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"Skype" -> C:\Program Files\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2008/08/12 19:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer
\\"Windows Update Menu Text" ->  [Microsoft Update] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDesktopCleanupWizard" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableStatusMessages" ->  [0] -> File not found
\\"VerboseStatus" ->  [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoResolveTrack" ->  [1] -> File not found
\\"LinkResolveIgnoreLinkInfo" ->  [1] -> File not found
\\"NoResolveSearch" ->  [1] -> File not found
\\"NoLowDiskSpaceChecks" ->  [1] -> File not found
\\"NoInstrumentation" ->  [1] -> File not found
\\"NoStartMenuMFUprogramsList" ->  [1] -> File not found
\\"ClearRecentDocsOnExit" ->  [1] -> File not found
\\"NoFolderOptions" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{dfb852a3-47f8-48c4-a200-58cab36fd2a2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{dfb852a3-47f8-48c4-a200-58cab36fd2a2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab [System Requirements Lab Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 194.168.4.100 194.168.8.100 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{C1AB0E24-EBEF-4145-AFB1-CD3C7E046FEA}\\DhcpNameServer -> 194.168.4.100 194.168.8.100   (NVIDIA nForce 10/100 Mbps Ethernet ) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/07/03 10:38:24 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
avgrsstarter ->  -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2006/10/27 01:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 11:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 11:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/11/13 14:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/14 11:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 11:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/11/13 14:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/11/13 14:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/11/13 14:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2006/10/27 16:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2006/10/27 16:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2006/10/27 16:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/08/12 19:19:02 | 21,741,864 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/03/04 22:02:01 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{b5b1da9e-3d86-11de-957b-001bfc4adb54}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5b1da9e-3d86-11de-957b-001bfc4adb54}\Shell\AutoRun\command
\{b5b1da9e-3d86-11de-957b-001bfc4adb54}\Shell\AutoRun\command\\"" -> K:\InstallTomTomHOME.exe [K:\InstallTomTomHOME.exe] -> File not found
 
[Registry - Additional Scans - Safe List]
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> 
{0AAA9C97-74D4-47CE-B089-0B147EF3553C} -> Windows Live Messenger
{205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
{2184D9EA-4E5B-43FD-914E-4563CF028C94} -> MetalGearSolid2 Substance
{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
{26A24AE4-039D-4CA4-87B4-2F83216013FF} -> Java(TM) 6 Update 13
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3B4E636E-9D65-4D67-BA61-189800823F52} -> Windows Live Communications Platform
{45338B07-A236-4270-9A77-EBB4115517B5} -> Windows Live Sign-in Assistant
{4B35F00C-E63D-40DC-9839-DF15A33EAC46} -> Grand Theft Auto Vice City
{4F6F5C1E-F109-4A58-8F43-9A1039CDAFC9} -> Zumtobel - Product Explorer 6.0
{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F} -> GetDataBack for NTFS
{5C57D058-8EEE-4C8D-81A9-1D8D11F4A48F} -> Crystal reports 9.0 for Contractor Pro
{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} -> Skype™ 3.8
{60C18308-6FD1-47AF-8185-B4AFEF2E24EF} -> Contractor Pro
{66D171AA-670F-4309-9C74-5BA7F7DBA0B3} -> Roxio Media Manager
{67E4EE98-59F4-4220-89A6-A20AF5BEC689} -> Microsoft AutoRoute 2005
{6B2C675E-8040-431B-99C4-137DF4FBF75A} -> Thermal Analysis Tool
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} -> Microsoft .NET Framework 2.0
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{86D4B82A-ABED-442A-BE86-96357B70F4FE} -> Ask Toolbar
{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} -> TomTom HOME Visual Studio Merge Modules
{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} -> Choice Guard
{90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders  (English) 12
{90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663} -> 
{90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007
{90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D} -> BlackBerry Desktop Software 4.2.2
{99052DB7-9592-4522-A558-5417BBAD48EE} -> Microsoft ActiveSync
{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
{AC76BA86-7AD7-1033-7B44-A81300000003} -> Adobe Reader 8.1.3
{b4092c6d-e886-4cb2-ba68-fe5a88d31de6}_is1 -> Spybot - Search & Destroy
{B8EE8264-238C-430A-9D5F-DB9139B09364} -> Thorn - Product Explorer 6.0
{BC35DF5E-7682-40F9-8FF0-737D8C568F7D} -> Philips Product Selector 1.0.2
{C6CA8874-5F22-4AF0-9BE3-016BF299C536} -> Windows Live Essentials
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CC411126-8CDE-4B7C-950F-4197C931B0C8} -> ML-1510_700 Series
{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E} -> GTA San Andreas
{DF9A6075-9308-4572-8932-A4316243C4D9} -> Brother P-touch Editor 5.0
{E670CC9A-7CD2-4BB8-9485-6324EFAC137C} -> PhotoLux
{E6B87DC4-2B3D-4483-ADFF-E483BF718991} -> OpenOffice.org 3.1
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F6BD194C-4190-4D73-B1B1-C48C99921BFE} -> Windows Live Call
32fsu32_is1 -> File Scavenger 3.2 (English)
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
age of empires 2.0 -> Microsoft Age of Empires II
Audacity 1.3 Beta (Unicode)_is1 -> Audacity 1.3.3 (Unicode)
BitLord -> BitLord 1.1
BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D} -> BlackBerry Desktop Software 4.2.2
BullGuard -> BullGuard 8.5
Cable-Mate 3.3 -> Cable-Mate 3.3
ccleaner -> CCleaner (remove only)
Clik 3 -> Clik 3
DUMeter3_is1 -> DU Meter
EAGLE 5.6.0 -> EAGLE 5.6.0
EasyCert -> EasyCert
ENTERPRISE -> Microsoft Office Enterprise 2007
FileZilla Client -> FileZilla Client 3.2.6
hijackthis -> HijackThis 2.0.2
InstallShield_{BC35DF5E-7682-40F9-8FF0-737D8C568F7D} -> Philips Product Selector 1.0.2
InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9} -> Brother P-touch Editor 5.0
LAME for Audacity_is1 -> LAME v3.98.2 for Audacity
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 -> Microsoft .NET Framework 2.0
mozilla firefox (3.5.2) -> Mozilla Firefox (3.5.2)
NVIDIA Drivers -> NVIDIA Drivers
PDF Editor 2 -> PDF Editor 2
PrimoPDF4.1.0.9 -> PrimoPDF
Samsung CLX-216x Series -> Samsung CLX-216x Series
SpeedFan -> SpeedFan (remove only)
SystemRequirementsLab -> System Requirements Lab
TomTom HOME -> TomTom HOME 2.6.2.1586
Tysoft PDF_is1 -> Tysoft PDF (novaPDF 6.2  printer)
Winamp -> Winamp
Windows Media Format Runtime -> Windows Media Format Runtime
WinLiveSuite_Wave3 -> Windows Live Essentials
WinRAR archiver -> WinRAR archiver
 
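The sections above are the ones a helper reads first in an OTS log: the Run keys (two entries still point at uninstalled avast!/AVG binaries, two carry no publisher string), the missing hosts file, the SafeBoot AlternateShell value, the MountPoints2 AutoRun handler, and a Firefox extension registered from a GUID-named folder under Local Settings. The script below is an added example for this thread, not part of the original post and not part of the OTS/OTListIt tool; it parses the line shapes the posted log uses and flags those items. The rules are heuristics (a missing publisher string or a folder under Local Settings is a lead to check, not a verdict), the reason strings and severities are my own labels, and OTS_SAMPLE is a constructed excerpt copied from the log above.

```python
"""Triage pass over OTS "Registry - Safe List" lines (added example for this
thread; not part of the original post or of the OTS tool).  Every rule is a
heuristic: a missing publisher string or a folder under Local Settings is a
lead for the helper to check, not a verdict."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the log posted above, trimmed to the
# sections this script understands.
OTS_SAMPLE = r'''
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions\\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61} -> C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61} [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61}] -> [2009/08/22 18:49:56 | 00,000,000 | ---D | M]
Hosts file not found -> -> 
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avast!" -> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> File not found
"AVG8_TRAY" -> C:\PROGRA~1\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> File not found
"UnlockerAssistant" -> C:\Program Files\Unlocker\UnlockerAssistant.exe [C:\Program Files\Unlocker\UnlockerAssistant.exe -H] -> [2008/05/02 01:15:46 | 00,015,872 | ---- | M] ()
"WinampAgent" -> C:\Program Files\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> [2009/02/25 22:26:00 | 00,037,888 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DU Meter" -> C:\Program Files\DU Meter\DUMeter.exe [C:\Program Files\DU Meter\DUMeter.exe] -> [2009/08/22 18:21:37 | 02,645,528 | ---- | M] (Hagel Technologies Ltd)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{b5b1da9e-3d86-11de-957b-001bfc4adb54}\Shell\AutoRun\command\\"" -> K:\InstallTomTomHOME.exe [K:\InstallTomTomHOME.exe] -> File not found
'''

# Reason labels (my own wording, not OTS output).
STALE = 'autostart target missing (leftover entry; remove or reinstall the product)'
NO_PUBLISHER = 'autostart binary has no publisher/version string (verify the file by hash)'
HOSTS_MISSING = 'no hosts file present; restore the default after cleanup'
SAFEBOOT_SHELL = 'SafeBoot AlternateShell is not cmd.exe'
AUTORUN_HANDLER = 'removable-drive AutoRun handler registered in MountPoints2'
USER_WRITABLE_LOAD = 'component loaded from a user-writable profile/temp folder'

SECTION = re.compile(r'^< (?P<title>.+?) >')
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)" -> (?P<target>.+?) \[(?P<cmd>.*?)\] -> (?P<detail>.*)$')
FILE_META = re.compile(r'^\[(?P<modified>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| \S+ \| \w\] '
                       r'\((?P<company>[^)]*)\)$')
DRIVE_PATH = re.compile(r'-> (?P<path>[A-Za-z]:\\.+?)(?= \[| -> |$)')
USER_WRITABLE = re.compile(r'\\Local Settings\\|\\Temp\\', re.IGNORECASE)
ALT_SHELL = re.compile(r'^"AlternateShell" -> (?P<shell>\S+)')

@dataclass
class RunEntry:
    hive: str
    name: str
    target: str
    cmdline: str
    found: bool
    company: Optional[str]   # None when OTS printed no file metadata

@dataclass
class Finding:
    severity: str            # 'high' | 'medium' | 'low'
    subject: str
    reason: str

def parse_run_entries(text: str) -> List[RunEntry]:
    """Collect the entries listed under every '< Run [HIVE] >' header."""
    entries, section = [], ''
    for line in text.splitlines():
        line = line.rstrip()
        head = SECTION.match(line)
        if head:
            section = head.group('title')
            continue
        m = RUN_ENTRY.match(line) if section.startswith('Run [') else None
        if not m:
            continue
        detail = m.group('detail')
        meta = FILE_META.match(detail)
        entries.append(RunEntry(
            hive=section[len('Run ['):-1].rstrip('\\'),
            name=m.group('name'), target=m.group('target'), cmdline=m.group('cmd'),
            found=detail != 'File not found',
            company=meta.group('company') if meta else None))
    return entries

def triage(text: str) -> List[Finding]:
    """Apply the heuristics to the Run entries and to the other line shapes."""
    findings: List[Finding] = []
    for e in parse_run_entries(text):
        label = e.hive + '\\...\\Run\\' + e.name
        if not e.found:
            findings.append(Finding('low', label, STALE))
        elif e.company == '':
            findings.append(Finding('low', label, NO_PUBLISHER))
    for line in text.splitlines():
        line = line.rstrip()
        shell = ALT_SHELL.match(line)
        path = DRIVE_PATH.search(line)
        if line.startswith('Hosts file not found'):
            findings.append(Finding('medium', r'%SystemRoot%\System32\drivers\etc\hosts', HOSTS_MISSING))
        elif shell:
            if shell.group('shell').lower() != 'cmd.exe':
                findings.append(Finding('high', 'SafeBoot\\AlternateShell',
                                        SAFEBOOT_SHELL + ': ' + shell.group('shell')))
        elif '\\Shell\\AutoRun\\command' in line and path:
            sev = 'low' if line.endswith('File not found') else 'medium'
            findings.append(Finding(sev, path.group('path'), AUTORUN_HANDLER))
        elif path and USER_WRITABLE.search(path.group('path')):
            findings.append(Finding('medium', path.group('path'), USER_WRITABLE_LOAD))
    return findings

if __name__ == '__main__':
    for f in triage(OTS_SAMPLE):
        print(f'[{f.severity:6}] {f.subject}: {f.reason}')
```

Run against the excerpt it reports the two stale avast!/AVG Run entries, the two entries without a publisher string, the missing hosts file, the TomTom AutoRun handler (low, because its target is gone) and the Firefox extension folder under Local Settings; the SafeBoot shell is cmd.exe here, so that rule stays quiet. Feed it the full OTS.txt instead of OTS_SAMPLE to get the same list for the whole log.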
Part 2 of OTS log


[Files/Folders - Created Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp ->
CleanMe -> C:\CleanMe -> [2009/08/29 14:02:54 | 00,000,000 | --SD | C]
CF17295.exe -> C:\WINDOWS\System32\CF17295.exe -> [2009/08/29 14:02:53 | 00,389,120 | ---- | C] (Microsoft Corporation)
CF17149.exe -> C:\WINDOWS\System32\CF17149.exe -> [2009/08/29 14:02:08 | 00,389,120 | ---- | C] (Microsoft Corporation)
Recent -> C:\Documents and Settings\Administrator\Recent -> [2009/08/29 13:00:26 | 00,000,000 | RH-D | C]
hiberfil.sys -> C:\hiberfil.sys -> [2009/08/29 11:51:43 | 21,468,16000 | -HS- | C] ()
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/08/28 22:53:07 | 00,514,048 | ---- | C] (OldTimer Tools)
Bookmarks 2009-08-28.json -> C:\Documents and Settings\Administrator\Desktop\Bookmarks 2009-08-28.json -> [2009/08/28 22:32:02 | 00,073,761 | ---- | C] ()
ComboFix -> C:\ComboFix -> [2009/08/28 18:13:35 | 00,000,000 | --SD | C]
CF13640.exe -> C:\WINDOWS\System32\CF13640.exe -> [2009/08/28 18:13:34 | 00,389,120 | ---- | C] (Microsoft Corporation)
CF12990.exe -> C:\WINDOWS\System32\CF12990.exe -> [2009/08/28 18:10:07 | 00,389,120 | ---- | C] (Microsoft Corporation)
CleanMe.exe -> C:\Documents and Settings\Administrator\Desktop\CleanMe.exe -> [2009/08/28 18:09:07 | 03,188,248 | R--- | C] ()
CF14402.exe -> C:\WINDOWS\System32\CF14402.exe -> [2009/08/28 15:30:11 | 00,389,120 | ---- | C] (Microsoft Corporation)
CF14225.exe -> C:\WINDOWS\System32\CF14225.exe -> [2009/08/28 15:29:18 | 00,389,120 | ---- | C] (Microsoft Corporation)
CF13416.exe -> C:\WINDOWS\System32\CF13416.exe -> [2009/08/28 15:25:11 | 00,389,120 | ---- | C] (Microsoft Corporation)
Malwarebytes -> C:\Documents and Settings\Administrator\Application Data\Malwarebytes -> [2009/08/27 22:11:23 | 00,000,000 | ---D | C]
malware.lnk -> C:\Documents and Settings\All Users\Desktop\malware.lnk -> [2009/08/27 22:11:22 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/08/27 22:11:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/08/27 22:11:18 | 00,019,096 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/08/27 22:11:18 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/08/27 22:11:18 | 00,000,000 | ---D | C]
CF5798.exe -> C:\WINDOWS\System32\CF5798.exe -> [2009/08/27 22:02:52 | 00,389,120 | ---- | C] (Microsoft Corporation)
Boot.bak -> C:\Boot.bak -> [2009/08/27 21:58:14 | 00,000,232 | ---- | C] ()
cmldr -> C:\cmldr -> [2009/08/27 21:58:09 | 00,260,272 | ---- | C] ()
cmdcons -> C:\cmdcons -> [2009/08/27 21:58:08 | 00,000,000 | RHSD | C]
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/08/27 21:57:06 | 00,229,376 | ---- | C] ()
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/08/27 21:57:06 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/08/27 21:57:06 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/08/27 21:57:06 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> C:\WINDOWS\sed.exe -> [2009/08/27 21:57:06 | 00,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2009/08/27 21:57:06 | 00,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2009/08/27 21:57:06 | 00,068,096 | ---- | C] ()
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/08/27 21:57:06 | 00,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\WINDOWS\ERDNT -> [2009/08/27 21:56:49 | 00,000,000 | ---D | C]
CF4609.exe -> C:\WINDOWS\System32\CF4609.exe -> [2009/08/27 21:56:47 | 00,389,120 | ---- | C] (Microsoft Corporation)
Qoobox -> C:\Qoobox -> [2009/08/27 21:56:40 | 00,000,000 | ---D | C]
rsit -> C:\rsit -> [2009/08/27 19:37:50 | 00,000,000 | ---D | C]
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/08/25 12:36:27 | 00,001,734 | ---- | C] ()
Trend Micro -> C:\Program Files\Trend Micro -> [2009/08/25 12:36:27 | 00,000,000 | ---D | C]
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2009/08/24 21:45:19 | 00,001,602 | ---- | C] ()
bookmarkbackups -> C:\Documents and Settings\Administrator\Desktop\bookmarkbackups -> [2009/08/24 21:40:21 | 00,000,000 | ---D | C]
Bookmarks 2009-08-24.json -> C:\Documents and Settings\Administrator\Desktop\Bookmarks 2009-08-24.json -> [2009/08/24 21:39:31 | 00,074,646 | ---- | C] ()
CCleaner.lnk -> C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk -> [2009/08/23 23:07:51 | 00,001,548 | ---- | C] ()
CCleaner -> C:\Program Files\CCleaner -> [2009/08/23 23:07:51 | 00,000,000 | ---D | C]
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/08/23 22:18:18 | 00,002,334 | ---- | C] ()
Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> [2009/08/23 22:06:38 | 00,000,933 | ---- | C] ()
Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/08/23 22:06:35 | 00,000,000 | ---D | C]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/08/23 22:06:35 | 00,000,000 | ---D | C]
Age of Empires II.lnk -> C:\Documents and Settings\Administrator\Desktop\Age of Empires II.lnk -> [2009/08/23 17:24:34 | 00,001,819 | ---- | C] ()
Microsoft Games -> C:\Program Files\Microsoft Games -> [2009/08/23 17:22:51 | 00,000,000 | ---D | C]
Your Company Name -> C:\Program Files\Your Company Name -> [2009/08/23 16:57:38 | 00,000,000 | ---D | C]
ntuser.pol -> C:\Documents and Settings\Administrator\ntuser.pol -> [2009/08/23 13:47:36 | 00,000,452 | RHS- | C] ()
GroupPolicy -> C:\WINDOWS\System32\GroupPolicy -> [2009/08/23 13:46:49 | 00,000,000 | -H-D | C]
pss -> C:\WINDOWS\pss -> [2009/08/23 10:09:31 | 00,000,000 | ---D | C]
BullGuard -> C:\Documents and Settings\All Users\Application Data\BullGuard -> [2009/08/22 20:27:31 | 00,000,000 | ---D | C]
BullGuard -> C:\Documents and Settings\Administrator\Application Data\BullGuard -> [2009/08/22 20:27:29 | 00,000,000 | ---D | C]
BullGuard.lnk -> C:\Documents and Settings\All Users\Desktop\BullGuard.lnk -> [2009/08/22 20:27:23 | 00,000,838 | ---- | C] ()
Alwil Software -> C:\Program Files\Alwil Software -> [2009/08/22 19:34:53 | 00,000,000 | ---D | C]
AVG -> C:\Program Files\AVG -> [2009/08/22 18:53:25 | 00,000,000 | ---D | C]
Snuhacokuvomuy.dat -> C:\WINDOWS\Snuhacokuvomuy.dat -> [2009/08/22 18:49:57 | 00,000,120 | ---- | C] ()
{FDE180A3-C4F5-4D5A-B889-16C2669E1E61} -> C:\Documents and Settings\Administrator\Local Settings\Application Data\{FDE180A3-C4F5-4D5A-B889-16C2669E1E61} -> [2009/08/22 18:49:56 | 00,000,000 | ---D | C]
57852f5b.sys -> C:\WINDOWS\System32\drivers\57852f5b.sys -> [2009/08/22 18:46:16 | 00,000,000 | ---- | C] ()
E88D4.exe -> C:\WINDOWS\E88D4.exe -> [2009/08/22 18:30:48 | 00,005,095 | -HS- | C] ()
Hagel Technologies -> C:\Documents and Settings\All Users\Application Data\Hagel Technologies -> [2009/08/22 18:21:58 | 00,000,000 | ---D | C]
DU Meter -> C:\Program Files\DU Meter -> [2009/08/22 18:21:56 | 00,000,000 | ---D | C]
METAL GEAR SOLID2 SUBSTANCE.lnk -> C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk -> [2009/08/22 18:11:41 | 00,000,972 | ---- | C] ()
KONAMI -> C:\Program Files\KONAMI -> [2009/08/22 18:04:28 | 00,000,000 | ---D | C]
Microsoft AutoRoute.lnk -> C:\Documents and Settings\Administrator\Desktop\Microsoft AutoRoute.lnk -> [2009/08/03 22:39:07 | 00,002,399 | ---- | C] ()
Microsoft AutoRoute -> C:\Program Files\Microsoft AutoRoute -> [2009/08/03 19:56:22 | 00,000,000 | ---D | C]
AskToolbar -> C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar -> [2009/08/01 19:21:38 | 00,000,000 | ---D | C]
Backup - Clik Service.lnk -> C:\Documents and Settings\Administrator\Desktop\Backup - Clik Service.lnk -> [2009/08/01 16:47:59 | 00,001,589 | ---- | C] ()
Clik Service.lnk -> C:\Documents and Settings\Administrator\Desktop\Clik Service.lnk -> [2009/08/01 16:47:59 | 00,001,577 | ---- | C] ()
SdoEng100.dll -> C:\WINDOWS\System32\SdoEng100.dll -> [2009/08/01 16:47:50 | 00,532,480 | ---- | C] (Sage (UK) Limited)
SdoEng90.dll -> C:\WINDOWS\System32\SdoEng90.dll -> [2009/08/01 16:47:50 | 00,507,904 | ---- | C] (Sage (UK) Limited)
SdoEng80.dll -> C:\WINDOWS\System32\SdoEng80.dll -> [2009/08/01 16:47:50 | 00,471,040 | ---- | C] (Sage (UK) Limited)
SdoEng70.dll -> C:\WINDOWS\System32\SdoEng70.dll -> [2009/08/01 16:47:50 | 00,454,656 | ---- | C] (The Sage Group plc)
SGRegister.dll -> C:\WINDOWS\System32\SGRegister.dll -> [2009/08/01 16:47:50 | 00,122,880 | ---- | C] (Sage Software Limited)
Sgdt32.dll -> C:\WINDOWS\System32\Sgdt32.dll -> [2009/08/01 16:47:50 | 00,073,728 | ---- | C] ()
SdoEng110.dll -> C:\WINDOWS\System32\SdoEng110.dll -> [2009/08/01 16:47:48 | 01,089,536 | ---- | C] (Sage (UK) Limited)
SDOApp.dll -> C:\WINDOWS\System32\SDOApp.dll -> [2009/08/01 16:47:48 | 00,253,952 | ---- | C] ()
Sdoeng.dll -> C:\WINDOWS\System32\Sdoeng.dll -> [2009/08/01 16:47:48 | 00,227,840 | ---- | C] (The Sage Group plc)
Sgcom32.dll -> C:\WINDOWS\System32\Sgcom32.dll -> [2009/08/01 16:47:48 | 00,086,016 | ---- | C] ()
SdoEng120.dll -> C:\WINDOWS\System32\SdoEng120.dll -> [2009/08/01 16:47:46 | 02,785,280 | ---- | C] (Sage (UK) Limited)
Clik -> C:\Program Files\Clik -> [2009/08/01 16:47:21 | 00,000,000 | ---D | C]
GECKOS.INI -> C:\WINDOWS\GECKOS.INI -> [2009/06/19 18:50:27 | 00,000,070 | ---- | C] ()
sdsip.dll -> C:\WINDOWS\System32\sdsip.dll -> [2009/04/30 16:29:16 | 00,000,010 | ---- | C] ()
easycert.INI -> C:\WINDOWS\easycert.INI -> [2009/04/15 18:54:19 | 00,000,028 | ---- | C] ()
WBHelps21.dll -> C:\WINDOWS\System32\WBHelps21.dll -> [2009/04/15 18:44:03 | 00,000,008 | ---- | C] ()
PTQL5F.DLL -> C:\WINDOWS\System32\PTQL5F.DLL -> [2009/03/22 15:08:44 | 00,061,440 | ---- | C] ()
PTQL5L.INI -> C:\WINDOWS\System32\PTQL5L.INI -> [2009/03/22 15:08:44 | 00,001,235 | ---- | C] ()
SP7302.INI -> C:\WINDOWS\System32\SP7302.INI -> [2009/03/14 22:00:09 | 00,000,566 | ---- | C] ()
DLPORTIO.SYS -> C:\WINDOWS\System32\drivers\DLPORTIO.SYS -> [2009/03/14 11:48:48 | 00,003,584 | ---- | C] ()
cx21sl3.dll -> C:\WINDOWS\System32\cx21sl3.dll -> [2009/03/12 17:57:07 | 00,022,723 | ---- | C] ()
Primomonnt.dll -> C:\WINDOWS\System32\Primomonnt.dll -> [2009/03/07 20:08:55 | 00,176,235 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2009/02/18 15:44:00 | 01,724,416 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2009/02/18 15:44:00 | 01,507,328 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2009/02/18 15:44:00 | 01,101,824 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2009/02/18 15:44:00 | 00,466,944 | ---- | C] ()
primopdf.ini -> C:\WINDOWS\primopdf.ini -> [2008/04/28 18:13:33 | 00,000,310 | ---- | C] ()
CopyToSendTo.dll -> C:\WINDOWS\System32\CopyToSendTo.dll -> [2008/04/14 11:00:00 | 00,061,440 | ---- | C] ()
las31l71.dll -> C:\WINDOWS\las31l71.dll -> [2008/04/14 11:00:00 | 00,045,056 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2008/04/14 11:00:00 | 00,000,800 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2008/04/14 11:00:00 | 00,000,227 | ---- | C] ()
HMTCD.dll -> C:\WINDOWS\System32\HMTCD.dll -> [2003/09/23 13:40:34 | 00,394,240 | ---- | C] ()
iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [1997/06/14 01:56:08 | 00,056,832 | ---- | C] ()
giveio.sys -> C:\WINDOWS\System32\giveio.sys -> [1996/04/03 20:33:26 | 00,005,248 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
7 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2009/08/29 14:05:14 | 00,212,641 | ---- | M] ()
Perflib_Perfdata_7f8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7f8.dat -> [2009/08/29 14:05:12 | 00,016,384 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/08/29 14:04:30 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/08/29 14:04:28 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/08/29 14:04:27 | 21,468,16000 | -HS- | M] ()
CF17295.exe -> C:\WINDOWS\System32\CF17295.exe -> [2009/08/29 14:02:42 | 00,389,120 | ---- | M] (Microsoft Corporation)
CleanMe.exe -> C:\Documents and Settings\Administrator\Desktop\CleanMe.exe -> [2009/08/29 14:02:28 | 03,188,248 | R--- | M] ()
CF17149.exe -> C:\WINDOWS\System32\CF17149.exe -> [2009/08/29 14:01:57 | 00,389,120 | ---- | M] (Microsoft Corporation)
Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2009/08/29 14:01:00 | 00,000,250 | ---- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2009/08/29 13:00:38 | 04,456,448 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2009/08/28 23:03:06 | 00,000,178 | -HS- | M] ()
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/08/28 22:53:08 | 00,514,048 | ---- | M] (OldTimer Tools)
Perflib_Perfdata_768.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_768.dat -> [2009/08/28 22:48:21 | 00,016,384 | ---- | M] ()
Bookmarks 2009-08-28.json -> C:\Documents and Settings\Administrator\Desktop\Bookmarks 2009-08-28.json -> [2009/08/28 22:32:02 | 00,073,761 | ---- | M] ()
Perflib_Perfdata_25c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat -> [2009/08/28 22:08:31 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_624.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_624.dat -> [2009/08/28 21:48:32 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_170.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_170.dat -> [2009/08/28 19:41:47 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_308.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_308.dat -> [2009/08/28 19:33:34 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_7f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7f4.dat -> [2009/08/28 18:18:15 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_614.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_614.dat -> [2009/08/28 18:16:17 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_704.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_704.dat -> [2009/08/28 18:16:13 | 00,016,384 | ---- | M] ()
CF13640.exe -> C:\WINDOWS\System32\CF13640.exe -> [2009/08/28 18:13:23 | 00,389,120 | ---- | M] (Microsoft Corporation)
CF12990.exe -> C:\WINDOWS\System32\CF12990.exe -> [2009/08/28 18:10:03 | 00,389,120 | ---- | M] (Microsoft Corporation)
CF14402.exe -> C:\WINDOWS\System32\CF14402.exe -> [2009/08/28 15:30:00 | 00,389,120 | ---- | M] (Microsoft Corporation)
CF14225.exe -> C:\WINDOWS\System32\CF14225.exe -> [2009/08/28 15:29:07 | 00,389,120 | ---- | M] (Microsoft Corporation)
CF13416.exe -> C:\WINDOWS\System32\CF13416.exe -> [2009/08/28 15:24:59 | 00,389,120 | ---- | M] (Microsoft Corporation)
vpcimxnoqx.exe -> C:\WINDOWS\Temp\vpcimxnoqx.exe -> [2009/08/27 22:21:01 | 00,061,440 | ---- | M] (Microsoft Corporation)
malware.lnk -> C:\Documents and Settings\All Users\Desktop\malware.lnk -> [2009/08/27 22:11:22 | 00,000,696 | ---- | M] ()
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/08/27 22:06:25 | 00,032,768 | ---- | M] ()
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2009/08/27 22:06:25 | 00,016,384 | ---- | M] ()
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2009/08/27 22:06:25 | 00,016,384 | ---- | M] ()
CF5798.exe -> C:\WINDOWS\System32\CF5798.exe -> [2009/08/27 22:02:40 | 00,389,120 | ---- | M] (Microsoft Corporation)
boot.ini -> C:\boot.ini -> [2009/08/27 21:58:14 | 00,000,302 | RHS- | M] ()
CF4609.exe -> C:\WINDOWS\System32\CF4609.exe -> [2009/08/27 21:56:36 | 00,389,120 | ---- | M] (Microsoft Corporation)
57852f5b.sys -> C:\WINDOWS\System32\drivers\57852f5b.sys -> [2009/08/27 19:53:30 | 00,000,000 | ---- | M] ()
Perflib_Perfdata_630.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_630.dat -> [2009/08/27 19:50:07 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_638.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_638.dat -> [2009/08/27 19:44:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_188.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_188.dat -> [2009/08/27 19:33:13 | 00,016,384 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/08/27 19:10:09 | 00,002,206 | ---- | M] ()
pesvbqmois.exe -> C:\WINDOWS\Temp\pesvbqmois.exe -> [2009/08/26 18:21:28 | 00,092,160 | ---- | M] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/08/25 12:56:31 | 00,002,334 | ---- | M] ()
ritnvrabvp.exe -> C:\WINDOWS\Temp\ritnvrabvp.exe -> [2009/08/25 12:47:45 | 00,096,256 | ---- | M] ()
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/08/25 12:36:27 | 00,001,734 | ---- | M] ()
pool.bin -> C:\WINDOWS\System32\pool.bin -> [2009/08/25 12:33:18 | 00,000,256 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk -> [2009/08/24 21:45:19 | 00,001,602 | ---- | M] ()
Bookmarks 2009-08-24.json -> C:\Documents and Settings\Administrator\Desktop\Bookmarks 2009-08-24.json -> [2009/08/24 21:39:31 | 00,074,646 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/08/24 17:39:05 | 00,100,944 | ---- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/08/24 17:29:38 | 00,370,488 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2009/08/23 23:12:07 | 03,706,996 | -H-- | M] ()
CCleaner.lnk -> C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk -> [2009/08/23 23:07:51 | 00,001,548 | ---- | M] ()
Snuhacokuvomuy.dat -> C:\WINDOWS\Snuhacokuvomuy.dat -> [2009/08/23 22:19:49 | 00,000,120 | ---- | M] ()
Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> [2009/08/23 22:06:38 | 00,000,933 | ---- | M] ()
Age of Empires II.lnk -> C:\Documents and Settings\Administrator\Desktop\Age of Empires II.lnk -> [2009/08/23 17:24:34 | 00,001,819 | ---- | M] ()
ntuser.pol -> C:\Documents and Settings\Administrator\ntuser.pol -> [2009/08/23 14:27:28 | 00,000,452 | RHS- | M] ()
Perflib_Perfdata_618.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_618.dat -> [2009/08/23 10:16:22 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_908.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_908.dat -> [2009/08/23 10:15:57 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_af0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_af0.dat -> [2009/08/23 10:12:53 | 00,016,384 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/08/23 10:10:42 | 00,000,800 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2009/08/23 10:10:42 | 00,000,232 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/08/23 10:10:42 | 00,000,227 | ---- | M] ()
Perflib_Perfdata_77c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_77c.dat -> [2009/08/23 10:00:25 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_824.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_824.dat -> [2009/08/23 10:00:20 | 00,016,384 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/08/23 03:09:13 | 00,229,376 | ---- | M] ()
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2009/08/22 20:35:38 | 00,002,577 | ---- | M] ()
BullGuard.lnk -> C:\Documents and Settings\All Users\Desktop\BullGuard.lnk -> [2009/08/22 20:27:23 | 00,000,838 | ---- | M] ()
setupeng.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\_av_inet.tm~a05532\setupeng.exe -> [2009/08/22 19:32:39 | 37,778,896 | ---- | M] ()
trialkey.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\trialkey.dat -> [2009/08/22 19:18:46 | 00,000,070 | ---- | M] ()
avgdm85_packmap_free_0409.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\avgdm85_packmap_free_0409.dat -> [2009/08/22 19:18:35 | 00,003,022 | ---- | M] ()
freekeys.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\freekeys.dat -> [2009/08/22 19:18:35 | 00,000,529 | ---- | M] ()
avgdm85_prodmap_pro_0409.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\avgdm85_prodmap_pro_0409.dat -> [2009/08/22 19:18:29 | 00,002,911 | ---- | M] ()
avgdm85_prodmap_free_0409.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\avgdm85_prodmap_free_0409.dat -> [2009/08/22 19:18:29 | 00,002,911 | ---- | M] ()
avgdm85_prodmap_sals_0356.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\avgdm85_prodmap_sals_0356.dat -> [2009/08/22 19:18:29 | 00,002,910 | ---- | M] ()
avgrsa.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrsa.exe -> [2009/08/22 18:53:29 | 01,013,528 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrsx.exe -> [2009/08/22 18:53:29 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrssta.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrssta.dll -> [2009/08/22 18:53:29 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsstx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\34\avgrsstx.dll -> [2009/08/22 18:53:29 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcorex.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcorex.dll -> [2009/08/22 18:53:28 | 02,062,104 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcsrvx.exe -> [2009/08/22 18:53:28 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcrlpx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcrlpx.dll -> [2009/08/22 18:53:28 | 00,070,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcclix.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgcclix.dll -> [2009/08/22 18:53:27 | 00,418,072 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgclitx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\4\avgclitx.dll -> [2009/08/22 18:53:27 | 00,390,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgsea.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\36\avgsea.dll -> [2009/08/22 18:53:27 | 00,188,184 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgse.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\36\avgse.dll -> [2009/08/22 18:53:27 | 00,114,968 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgxch32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\11\avgxch32.dll -> [2009/08/22 18:53:26 | 00,354,072 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgoff2k.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\7\avgoff2k.dll -> [2009/08/22 18:53:26 | 00,264,984 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgscanx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgscanx.exe -> [2009/08/22 18:53:25 | 00,761,624 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgvvx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgvvx.dll -> [2009/08/22 18:53:25 | 00,515,864 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdwsc.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgwdwsc.dll -> [2009/08/22 18:53:25 | 00,423,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgscanx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgscanx.dll -> [2009/08/22 18:53:25 | 00,339,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmvflx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgmvflx.dll -> [2009/08/22 18:53:25 | 00,305,944 | ---- | M] (AVG Technologies CZ, s.r.o.)
avg7api.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avg7api.dll -> [2009/08/22 18:53:25 | 00,222,488 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmail.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\15\avgmail.dll -> [2009/08/22 18:53:25 | 00,177,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgxpl.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgxpl.dll -> [2009/08/22 18:52:01 | 01,008,920 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcmgr.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgcmgr.exe -> [2009/08/22 18:52:01 | 00,845,080 | ---- | M] (AVG Technologies CZ, s.r.o.)
avglvex.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avglvex.dll -> [2009/08/22 18:52:01 | 00,197,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
sporder.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\sporder.dll -> [2009/08/22 18:52:01 | 00,008,464 | ---- | M] (Microsoft Corporation)
sb2.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\sb2.dat -> [2009/08/22 18:52:01 | 00,002,588 | ---- | M] ()
cf.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\cf.dat -> [2009/08/22 18:52:01 | 00,000,204 | ---- | M] ()
ph.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\ph.dat -> [2009/08/22 18:52:01 | 00,000,120 | ---- | M] ()
avgwd.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgwd.dll -> [2009/08/22 18:52:00 | 01,262,368 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgssie.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgssie.dll -> [2009/08/22 18:52:00 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
dbghelp.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\dbghelp.dll -> [2009/08/22 18:52:00 | 01,045,128 | ---- | M] (Microsoft Corporation)
avgssff.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgssff.dll -> [2009/08/22 18:52:00 | 01,033,496 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgsrmx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgsrmx.dll -> [2009/08/22 18:52:00 | 00,681,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgnsx.exe -> [2009/08/22 18:52:00 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgsched.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgsched.dll -> [2009/08/22 18:52:00 | 00,530,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtbapi.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgtbapi.dll -> [2009/08/22 18:52:00 | 00,493,848 | ---- | M] (AVG Technologies CZ, s.r.o.)
fixcfg.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\fixcfg.exe -> [2009/08/22 18:52:00 | 00,423,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgsrmax.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgsrmax.exe -> [2009/08/22 18:52:00 | 00,341,272 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgwdsvc.exe -> [2009/08/22 18:52:00 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
dfncfg.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\dfncfg.dat -> [2009/08/22 18:52:00 | 00,088,863 | ---- | M] ()
avgpp.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgpp.dll -> [2009/08/22 18:52:00 | 00,087,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgupd.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgupd.dll -> [2009/08/22 18:51:59 | 01,475,352 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgapix.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgapix.dll -> [2009/08/22 18:51:59 | 01,262,872 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgupd.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgupd.exe -> [2009/08/22 18:51:59 | 01,165,592 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcfgx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgcfgx.dll -> [2009/08/22 18:51:59 | 00,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.)
avginet.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avginet.dll -> [2009/08/22 18:51:59 | 00,758,040 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcfgex.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgcfgex.exe -> [2009/08/22 18:51:59 | 00,730,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgiproxy.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgiproxy.exe -> [2009/08/22 18:51:59 | 00,587,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
avglogx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avglogx.dll -> [2009/08/22 18:51:59 | 00,337,176 | ---- | M] (AVG Technologies CZ, s.r.o.)
avglngx.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avglngx.dll -> [2009/08/22 18:51:59 | 00,310,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgamnot.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgamnot.dll -> [2009/08/22 18:51:59 | 00,271,640 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgdumpx.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgdumpx.exe -> [2009/08/22 18:51:59 | 00,100,120 | ---- | M] (AVG Technologies CZ, s.r.o.)
setup.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\setup.exe -> [2009/08/22 18:51:58 | 03,299,608 | ---- | M] (AVG Technologies CZ, s.r.o.)
setup.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\setup.dat -> [2009/08/22 18:51:58 | 01,092,424 | ---- | M] ()
avgui.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgui.exe -> [2009/08/22 18:51:57 | 03,497,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
avguires.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avguires.dll -> [2009/08/22 18:51:57 | 02,808,600 | ---- | M] (AVG Technologies CZ, s.r.o.)
avguiadv.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avguiadv.dll -> [2009/08/22 18:51:57 | 02,308,888 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgtray.exe -> [2009/08/22 18:51:57 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgresf.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgresf.dll -> [2009/08/22 18:51:56 | 02,352,920 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgfrw.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgfrw.exe -> [2009/08/22 18:51:56 | 01,217,816 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgabout.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\avgabout.dll -> [2009/08/22 18:51:56 | 01,209,112 | ---- | M] (AVG Technologies CZ, s.r.o.)
afuinst64.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\AVGDownloadManager\packages\35\afuinst64.dat -> [2009/08/22 18:51:56 | 00,317,440 | ---- | M] ()
E88D4.exe -> C:\WINDOWS\E88D4.exe -> [2009/08/22 18:46:02 | 00,005,095 | -HS- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/08/22 18:38:27 | 00,005,371 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/08/22 18:37:28 | 00,006,510 | ---- | M] ()
METAL GEAR SOLID2 SUBSTANCE.lnk -> C:\Documents and Settings\All Users\Desktop\METAL GEAR SOLID2 SUBSTANCE.lnk -> [2009/08/22 18:11:41 | 00,000,972 | ---- | M] ()
Perflib_Perfdata_7fc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7fc.dat -> [2009/08/22 09:29:24 | 00,016,384 | ---- | M] ()
Excel 2007.lnk -> C:\Documents and Settings\Administrator\Desktop\Excel 2007.lnk -> [2009/08/18 17:11:37 | 00,002,473 | ---- | M] ()
PrimoPDFSet.xml -> C:\Documents and Settings\Administrator\Application Data\PrimoPDFSet.xml -> [2009/08/17 17:20:51 | 00,006,491 | ---- | M] ()
Microsoft Office Access 2007.lnk -> C:\Documents and Settings\Administrator\Desktop\Microsoft Office Access 2007.lnk -> [2009/08/13 15:58:43 | 00,002,471 | ---- | M] ()
Word 2007.lnk -> C:\Documents and Settings\Administrator\Desktop\Word 2007.lnk -> [2009/08/06 12:51:46 | 00,002,515 | ---- | M] ()
Microsoft AutoRoute.lnk -> C:\Documents and Settings\Administrator\Desktop\Microsoft AutoRoute.lnk -> [2009/08/03 22:39:09 | 00,002,399 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation)
Backup - Clik Service.lnk -> C:\Documents and Settings\Administrator\Desktop\Backup - Clik Service.lnk -> [2009/08/01 16:47:59 | 00,001,589 | ---- | M] ()
Clik Service.lnk -> C:\Documents and Settings\Administrator\Desktop\Clik Service.lnk -> [2009/08/01 16:47:59 | 00,001,577 | ---- | M] ()
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2009/03/12 19:23:56 | 00,008,206 | ---- | M] ()
avenger.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.547\avenger.exe -> [2008/05/30 23:09:46 | 00,731,136 | ---- | M] ()
< End of report >
[/code]
 
Open OTScanIt. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Driver Services - Safe List]
YN -> (57852f5b) 57852f5b [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\57852f5b.sys
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "avast!" -> C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]
YN -> "AVG8_TRAY" -> C:\PROGRA~1\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe]
YN -> "UnlockerAssistant" -> C:\Program Files\Unlocker\UnlockerAssistant.exe [C:\Program Files\Unlocker\UnlockerAssistant.exe -H]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
[Registry - Additional Scans - Safe List]
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
YN -> {86D4B82A-ABED-442A-BE86-96357B70F4FE} -> Ask Toolbar
[Files/Folders - Created Within 30 Days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp
NY -> CleanMe -> C:\CleanMe
NY -> CF17295.exe -> C:\WINDOWS\System32\CF17295.exe
NY -> CF17149.exe -> C:\WINDOWS\System32\CF17149.exe
NY -> ComboFix -> C:\ComboFix
NY -> CF13640.exe -> C:\WINDOWS\System32\CF13640.exe
NY -> CF12990.exe -> C:\WINDOWS\System32\CF12990.exe
NY -> CleanMe.exe -> C:\Documents and Settings\Administrator\Desktop\CleanMe.exe
NY -> CF14402.exe -> C:\WINDOWS\System32\CF14402.exe
NY -> CF14225.exe -> C:\WINDOWS\System32\CF14225.exe
NY -> CF13416.exe -> C:\WINDOWS\System32\CF13416.exe
NY -> CF5798.exe -> C:\WINDOWS\System32\CF5798.exe
NY -> CF4609.exe -> C:\WINDOWS\System32\CF4609.exe
NY -> 57852f5b.sys -> C:\WINDOWS\System32\drivers\57852f5b.sys
NY -> E88D4.exe -> C:\WINDOWS\E88D4.exe
[Files/Folders - Modified Within 30 Days]
NY -> CF17295.exe -> C:\WINDOWS\System32\CF17295.exe
NY -> CleanMe.exe -> C:\Documents and Settings\Administrator\Desktop\CleanMe.exe
NY -> CF17149.exe -> C:\WINDOWS\System32\CF17149.exe
NY -> CF13640.exe -> C:\WINDOWS\System32\CF13640.exe
NY -> CF12990.exe -> C:\WINDOWS\System32\CF12990.exe
NY -> CF14402.exe -> C:\WINDOWS\System32\CF14402.exe
NY -> CF14225.exe -> C:\WINDOWS\System32\CF14225.exe
NY -> CF13416.exe -> C:\WINDOWS\System32\CF13416.exe
NY -> CF5798.exe -> C:\WINDOWS\System32\CF5798.exe
NY -> CF4609.exe -> C:\WINDOWS\System32\CF4609.exe
NY -> 57852f5b.sys -> C:\WINDOWS\System32\drivers\57852f5b.sys
NY -> pesvbqmois.exe -> C:\WINDOWS\Temp\pesvbqmois.exe
NY -> ritnvrabvp.exe -> C:\WINDOWS\Temp\ritnvrabvp.exe
[Empty Temp Folders]
The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system

Please post a fresh SysProt log as well
 
OTS bit done.

Sysprot log

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\kbiwkmsdjnkvxf.sys
Service Name: kbiwkmpkbmwnli
Module Base: ---
Module End: ---
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwSaveKeyEx
At Address: 8065628D
Jump To: 8929B6DA
Module Name: _unknown_

Hooked Function: ZwSaveKey
At Address: 806561A2
Jump To: 892A56DA
Module Name: _unknown_

Hooked Function: ZwFlushInstructionCache
At Address: 80587BFB
Jump To: 89EFB61C
Module Name: _unknown_

Hooked Function: ZwEnumerateKey
At Address: 80578E14
Jump To: 8A271E8C
Module Name: _unknown_

Hooked Function: IofCompleteRequest
At Address: 804E17BD
Jump To: 89FD50CB
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 804E13A7
Jump To: 892DD6DB
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied
 
----------------------------------------------------------------------------------------
Step 1

  1. Start Sysprot
  2. Click the "Kernel Modules" tab.
  3. Click the following lines (in red) and then click Disable
    \systemroot\system32\drivers\kbiwkmsdjnkvxf.sys ------ kbiwkmpkbmwnli
  4. Reboot the machine
  5. Repeat steps 1 to 4 (SysProt AntiRootkit will detect the same rootkit driver again)
----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
 
Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 5.1.2600 Service Pack 3

29/08/2009 19:23:31
mbam-log-2009-08-29 (19-23-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 272376
Time elapsed: 18 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
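The two Hijack.WindowsUpdates entries in the log above show the trick: the ImagePath for wuauserv and BITS still points at svchost.exe, but %SystemRoot% has been replaced by %fystemroot%, a variable that never expands, so the path does not resolve and Windows Update and BITS cannot start. The check below is an added example, not part of this thread; it runs over constructed ImagePath values modelled on the log rather than reading the live registry, and flags any environment variable that is one edit away from a real one.

```python
import re

# Environment variables that legitimately appear in service ImagePath values
# (assumed list for this example; extend as needed).
KNOWN_VARS = {"SYSTEMROOT", "WINDIR", "SYSTEMDRIVE", "PROGRAMFILES", "COMMONPROGRAMFILES"}
VAR_RE = re.compile(r"%([^%]+)%")

def within_one_edit(a: str, b: str) -> bool:
    """True when a and b differ by at most one substitution, insertion or deletion."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    if len(a) > len(b):
        return a[i + 1:] == b[i:]
    return a[i:] == b[i + 1:]

def check_image_path(service: str, image_path: str) -> list[str]:
    """Return findings for one service's ImagePath value; an empty list means clean."""
    findings = []
    for var in VAR_RE.findall(image_path):
        name = var.upper()
        if name in KNOWN_VARS:
            continue
        lookalike = next((k for k in sorted(KNOWN_VARS) if within_one_edit(name, k)), None)
        if lookalike:
            # A near-miss of a real variable never expands, so the service cannot start:
            # exactly the %fystemroot% substitution MBAM reported for wuauserv and BITS.
            findings.append(f"{service}: %{var}% is a lookalike of %{lookalike}% (path cannot expand)")
        else:
            findings.append(f"{service}: unknown variable %{var}%")
    return findings

# Constructed sample values modelled on the MBAM log above; a real check would read
# HKLM\System\CurrentControlSet\Services\<name>\ImagePath for every service via winreg.
SAMPLE_SERVICES = {
    "wuauserv": r"%fystemroot%\system32\svchost.exe -k netsvcs",
    "BITS": r"%fystemRoot%\system32\svchost.exe -k netsvcs",
    "Dhcp": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    "Spooler": r"%SystemRoot%\system32\spoolsv.exe",
}

def scan_services(services: dict[str, str]) -> dict[str, list[str]]:
    """Map each service with a suspicious ImagePath to its findings."""
    return {svc: f for svc, path in services.items() if (f := check_image_path(svc, path))}
```

On the sample data, scan_services(SAMPLE_SERVICES) reports wuauserv and BITS only; Dhcp and Spooler, whose variables expand normally, come back clean.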
 
Download a fresh copy of Combofix to your desktop and do the following.
Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it is running. That may cause it to stall.



If it still doesn't run, please post a fresh Sysprot log
 
It won't open from the Run command. It says 'Windows cannot find c:\....', make sure you typed the name correctly, etc.

If I double-click the desktop icon, it comes up with the Windows security warning saying the publisher could not be verified. I clicked Cancel to that, not sure if you want me to run it from there?
 
Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it runcf.bat. Please save it on your desktop (next to Combofix).

[code]
@echo off
CD /d %~dp0
if not exist Combofix.exe (
    echo File Not found >>"%Temp%\log.txt"
    pause
    goto End
)
rem Launch ComboFix from this folder; /Killall closes other running programs first
Combofix /Killall
goto Cleanup
:End
rem Show the error log, then delete it from %Temp% (the original deleted log.txt from the current folder instead)
notepad "%Temp%\log.txt" & del /q "%Temp%\log.txt"
:Cleanup
rem Self-delete must be the last line: cmd reads a batch file incrementally and cannot continue once it is gone
del /q %0
[/code]

Double click on runcf.bat

If Combofix starts to run, please follow the on-screen prompts
 