computer intermittent


47 replies to this topic

#1 ukracer


Posted 28 September 2010 - 11:27 AM

My computer seems to lock up several times per minute. I can't type or do anything during those periods, although the words I type are usually held and typed after the lock up ceases.

I have no evidence of any specific virus or malware on the computer but my hard drive is constantly in use and the red activity light flickers 24 hours per day.

This is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:14:56, on 28/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\Program Files\Sandboxie\SbieSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\pg_ctl.exe
E:\Program Files\LiveZilla\LiveZilla.exe
E:\Program Files\Spyware Doctor\pctsTray.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\WINDOWS\VMSnap3.exe
E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
E:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe
E:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe
E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
E:\WINDOWS\PixArt\PAP7501\PACTray.exe
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
E:\Program Files\Microsoft ActiveSync\Wcescomm.exe
E:\Program Files\Sandboxie\SbieCtrl.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\Program Files\Samsung\Kies\KiesTrayAgent.exe
E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
E:\WINDOWS\system32\crypserv.exe
E:\WINDOWS\system32\dgdersvc.exe
E:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
E:\Program Files\NETGEAR\WG111v3\WG111v3.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\WINDOWS\system32\FsUsbExService.Exe
E:\WINDOWS\system32\ftusbsrv.exe
E:\Program Files\UltraMon\UltraMon.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\UltraMon\UltraMonTaskbar.exe
E:\Program Files\Vista & XP Virtual Desktops\Virtual Desktops.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
e:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
E:\Program Files\Spyware Doctor\pctsAuxs.exe
E:\Program Files\Spyware Doctor\pctsSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Wacom_Tablet.exe
E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
E:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
E:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
E:\Program Files\UltraVNC\WinVNC.exe
E:\Program Files\TeamViewer\Version5\TeamViewer.exe
E:\WINDOWS\system32\Wacom_Tablet.exe
E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXSLDBServ.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\Program Files\UltraVNC\WinVNC.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe
E:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXCP.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXFaxServer.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXIvrServer.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe
E:\Program Files\3CX PhoneSystem\Bin\3CXPO.exe
E:\Program Files\3CX PhoneSystem\Bin\VCEHost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
E:\Program Files\Common Files\Java\Java Update\jucheck.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\USB over Network (Server)\usbserver.exe
E:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\Program Files\Messenger\Msmsgs.exe
E:\Mailtraq back up march2010\mailtraq.exe
F:\maxtor 160\Agent back up 2009\Agent95\agent.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\ACD Systems\ACDSee\10.0\ACDSee10.exe
E:\Program Files\3CX PhoneSystem\Bin\Webserver\adn\fcgidotnet_2_0.exe
E:\Program Files\SignCut\SignCut.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pctools.c...c/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.pctools.c...c/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/o...ration.asp?id=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - E:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - E:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - E:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BtTray] "E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] E:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [LiveZilla] "E:\Program Files\LiveZilla\LiveZilla.exe" -minimize
O4 - HKLM\..\Run: [ISTray] "E:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [VMSnap3] E:\WINDOWS\VMSnap3.exe
O4 - HKLM\..\Run: [GUCI_AVS] E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [PACTray] E:\WINDOWS\PixArt\PAP7501\PACTray.exe
O4 - HKLM\..\Run: [PAP7501_Monitor] E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SandboxieControl] "E:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KiesTrayAgent] E:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKCU\..\Run: [SpeedUpMyPC] "E:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe" delay 20000
O4 - HKCU\..\Run: [EPSON SX600FW Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "E:\WINDOWS\TEMP\E_S388.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX600FW Series (Copy 1)] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE /FU "E:\WINDOWS\TEMP\E_S24E.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1202660629-1214440339-1177238915-1000\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'HelpAssistant')
O4 - HKUS\S-1-5-21-1202660629-1214440339-1177238915-1000\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'HelpAssistant')
O4 - HKUS\S-1-5-21-1202660629-1214440339-1177238915-500\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-21-1202660629-1214440339-1177238915-500\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Vista & XP Virtual Desktops.lnk = ?
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = E:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1269981272937
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDE1C31-4831-453D-8E95-3DF8CAE582CA}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\WINDOWS\system32\skype4com.dll
O21 - SSODL: FolderControl - a9bb7b60-9ddd-428b-b704-836f2820c57e - E:\Program Files\Common Files\FolderControl\FolderControl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: 3CX PhoneSystem Database Server - PostgreSQL Global Development Group - E:/Program Files/3CX PhoneSystem/Bin/pgsql/bin/pg_ctl.exe
O23 - Service: 3CX PhoneSystem Assistant Server (3CXAssistantServer) - 3CX Ltd - E:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe
O23 - Service: 3CX PhoneSystem Call History (3CXCallHistoryService) - 3CX - E:\Program Files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe
O23 - Service: 3CX PhoneSystem Configuration Service (3CXCfgServ) - 3CX Ltd - E:\Program Files\3CX PhoneSystem\Bin\3CXSLDBServ.exe
O23 - Service: 3CX PhoneSystem Conference Room (3CXConferenceRoom) - 3CX Software Ltd. - E:\Program Files\3CX PhoneSystem\Bin\3CXCP.exe
O23 - Service: 3CX PhoneSystem FAX Server (3CXFAXSrv) - 3CX Software Ltd. - E:\Program Files\3CX PhoneSystem\Bin\3CXFaxServer.exe
O23 - Service: 3CX PhoneSystem Digital Receptionist (3CXIvr) - 3CX Software Ltd. - E:\Program Files\3CX PhoneSystem\Bin\3CXIvrServer.exe
O23 - Service: 3CX PhoneSystem Media Server (3CXMediaServer) - 3CX Software Ltd. - E:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe
O23 - Service: 3CX PhoneSystem Parking Orbit (3CXParkOrbit) - 3CX Software Ltd. - E:\Program Files\3CX PhoneSystem\Bin\3CXPO.exe
O23 - Service: 3CX PhoneSystem (3CXPhoneSystem) - 3CX Software Ltd. - E:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe
O23 - Service: 3CX PhoneSystem Queue Manager (3CXQueueManager) - Unknown owner - E:\Program Files\3CX PhoneSystem\Bin\VCEHost.exe
O23 - Service: 3CX PhoneSystem SIP/RTP Tunneling Proxy (3CXTunnel) - 3CX Software Ltd. - E:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe
O23 - Service: 3CX PhoneSystem Voicemail Manager (3CXVBoxMgr) - 3CX - E:\Program Files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe
O23 - Service: Abyss Web Server (AbyssWebServer) - Aprelium - E:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleilCS - IVT Corporation - E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: BsHelpCS - IVT Corporation - E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - IVT Corporation - E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - E:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - E:\WINDOWS\system32\dgdersvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - E:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: USB over Network (Server) service (ftusbsrv) - FabulaTech - E:\WINDOWS\system32\ftusbsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAMSUNG KiesAllShare Service (KiesAllShare) - Unknown owner - E:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe
O23 - Service: Macromedia Licensing Service - Macromedia - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - E:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - e:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - E:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - E:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - E:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - E:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Uniblue DiskRescue - Uniblue - E:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
O23 - Service: uvnc_service - UltraVNC - E:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 18720 bytes

Thanks in advance for your help folks.



#2 SweetTech


Posted 30 September 2010 - 11:13 AM

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Do you have your Windows XP disc?



NEXT:



Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.



NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker ... Save it to your Desktop.
Note: The log can be very long, you may need to post it separately.
  • Double-click on RKUnhookerLE.exe to execute it.
    Vista - W7 users: Right click RKUnhookerLE.exe, choose "Run As Administrator" to execute it. If UAC prompts, please allow it.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, Files and Code Hooks. Uncheck the rest, then click OK. (See image below...)
    Posted Image
    The scanning will toggle through the checked items "tabs" ... it will take a while, so please be patient.
  • When the scanner is finished... click File, Save Report.
  • Save the file "Report.txt" to your Desktop... Press Close... then press Yes
  • Copy the entire contents of the Report.txt file in your next reply.

Please Note:
You may get this warning, it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




NEXT:



HAMeb_Check Scan

Download and run HAMeb_check.exe

Post the contents of the resulting log.



NEXT:



OTL Custom Scan

Please download OTL to your Desktop, if you have not done so already.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Proud Graduate of the WTT Classroom


#3 ukracer


Posted 30 September 2010 - 03:03 PM

The scanning will toggle through the checked items "tabs" ... it will take a while, so please be patient.
  • When the scanner is finished... click File, Save Report.

I have one issue.

When running Rootkit Unhooker it gets to hidden/blocked files and then gives me an option to select drivers to scan: C: E: F:

Edited by SweetTech, 30 September 2010 - 03:09 PM.
fixed quote tag


#4 SweetTech


Posted 30 September 2010 - 03:08 PM

Select C drive.



#5 ukracer


Posted 30 September 2010 - 03:41 PM

Select C drive.


I have done this and it seems to have stalled. It has said getting a list of files and directories for over 30 mins now.

BTW, E drive is the active Windows installation. Not sure if this matters.

#6 SweetTech


Posted 30 September 2010 - 03:45 PM

Oh.. Yeah, that does matter. I should have realized that. Sorry about that. Go ahead and exit out of it for right now. Proceed with the rest of the instructions in my previous post.



#7 ukracer


Posted 30 September 2010 - 04:34 PM

Oh.. Yeah, that does matter. I should have realized that. Sorry about that. Go ahead and exit out of it for right now. Proceed with the rest of the instructions in my previous post.


Ok here goes then.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000002fc

Kernel Drivers (total 152):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xB9F48000 fltMgr.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F29000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F03000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9EF0000 pnp680r.sys
0xB9ED8000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9EC0000 atapi.sys
0xBA338000 iteraid.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EAE000 sr.sys
0xB9E75000 PCTCore.sys
0xBA0F8000 PxHelp20.sys
0xB9E5E000 KSecDD.sys
0xB9E4B000 WudfPf.sys
0xB9DBE000 Ntfs.sys
0xB9D91000 NDIS.sys
0xB9D77000 Mup.sys
0xBA4BC000 BtHidBus.sys
0xB9514000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8B4F000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB8B3B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8B13000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA428000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8AEF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA158000 \??\E:\WINDOWS\system32\drivers\ftusbload.sys
0xBA430000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA168000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA178000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA188000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8ACC000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA198000 \SystemRoot\system32\DRIVERS\l1e51x86.sys
0xBA5DE000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA438000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA598000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA440000 \SystemRoot\System32\Drivers\btnetBus.sys
0xBA448000 \SystemRoot\System32\Drivers\VcommMgr.sys
0xBA450000 \SystemRoot\System32\Drivers\IvtBtBus.sys
0xBA682000 \SystemRoot\system32\DRIVERS\mv2.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA458000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA683000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA5A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8AB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA460000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8AA4000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA208000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA468000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA470000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA478000 \SystemRoot\system32\DRIVERS\teamviewervpn.sys
0xB8A74000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA218000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA480000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8A57000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xBA5E0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB89F9000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D3B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9D37000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA488000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0xBA228000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAC973000 \SystemRoot\system32\drivers\AtiHdmi.sys
0xAC94F000 \SystemRoot\system32\drivers\portcls.sys
0xBA248000 \SystemRoot\system32\drivers\drmk.sys
0xBA258000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAC44A000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xBA5E8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6CF000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA498000 \SystemRoot\System32\drivers\vga.sys
0xBA5EC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA4A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA4A8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA594000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAC387000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAC32E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAC306000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAC2B8000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA268000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
0xAC296000 \SystemRoot\System32\drivers\afd.sys
0xBA278000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA4B0000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xAC26B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBA348000 \SystemRoot\system32\ckldrv.sys
0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAC15B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA298000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA2A8000 \SystemRoot\system32\DRIVERS\easdrv.sys
0xBA5F0000 \SystemRoot\system32\drivers\AsIO.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC426000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA398000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA777000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF060000 \SystemRoot\System32\ati2cqag.dll
0xBF0FC000 \SystemRoot\System32\atikvmag.dll
0xBF196000 \SystemRoot\System32\atiok3x2.dll
0xBF1FB000 \SystemRoot\System32\ati3duag.dll
0xBF56E000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA96CE000 \??\E:\WINDOWS\system32\drivers\mbam.sys
0xA945B000 \??\E:\Program Files\Sandboxie\SbieDrv.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA965A000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA941D000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xA964A000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xA963A000 \SystemRoot\system32\DRIVERS\EAPPkt.sys
0xA956A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9200000 \SystemRoot\system32\drivers\wdmaud.sys
0xA94DA000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA646000 \SystemRoot\system32\DRIVERS\VComm.sys
0xA897F000 \SystemRoot\system32\DRIVERS\eamon.sys
0xBA662000 \SystemRoot\system32\DRIVERS\btnetdrv.sys
0xA86D8000 \SystemRoot\system32\DRIVERS\srv.sys
0xA87EA000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xA866F000 \??\E:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
0xBA3E0000 \??\E:\Program Files\Spyware Doctor\PCTSDInj32.sys
0xA784E000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8027000 \??\E:\WINDOWS\system32\FsUsbExDisk.SYS
0xA77C6000 \SystemRoot\System32\drivers\dgderdrv.sys
0xA78BF000 \??\E:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA7352000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xAC12B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA807F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA95E6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA807B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xA5DB5000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 99):
0 System Idle Process
4 SYSTEM
868 E:\WINDOWS\system32\smss.exe
916 E:\WINDOWS\system32\csrss.exe
948 E:\WINDOWS\system32\winlogon.exe
992 E:\WINDOWS\system32\services.exe
1004 E:\WINDOWS\system32\lsass.exe
1168 E:\WINDOWS\system32\ati2evxx.exe
1188 E:\WINDOWS\system32\svchost.exe
1316 E:\WINDOWS\system32\svchost.exe
1436 E:\Program Files\Windows Defender\MsMpEng.exe
1476 E:\Program Files\Sandboxie\SbieSvc.exe
1532 E:\WINDOWS\system32\svchost.exe
1564 E:\WINDOWS\system32\svchost.exe
1668 E:\WINDOWS\system32\svchost.exe
2024 E:\WINDOWS\system32\ati2evxx.exe
244 E:\WINDOWS\system32\spoolsv.exe
1904 E:\WINDOWS\RTHDCPL.EXE
1912 E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1836 E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
448 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\pg_ctl.exe
540 E:\Program Files\LiveZilla\LiveZilla.exe
616 E:\Program Files\Spyware Doctor\pctsTray.exe
628 E:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe
696 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
748 E:\WINDOWS\VMSnap3.exe
804 E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
1120 E:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe
884 E:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe
896 E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
1072 E:\WINDOWS\PixArt\PAP7501\PACTray.exe
1496 E:\Program Files\Bonjour\mDNSResponder.exe
1448 E:\WINDOWS\system32\ctfmon.exe
1664 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
1676 E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
1760 E:\Program Files\Microsoft ActiveSync\wcescomm.exe
1880 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
1896 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
656 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
2052 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
2140 E:\PROGRA~1\MI3AA1~1\rapimgr.exe
2208 E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
2292 E:\WINDOWS\system32\Crypserv.exe
2396 E:\WINDOWS\system32\dgdersvc.exe
2436 E:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
2480 E:\Program Files\NETGEAR\WG111v3\WG111v3.exe
2500 E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
2540 E:\WINDOWS\system32\FsUsbExService.Exe
2568 E:\WINDOWS\system32\ftusbsrv.exe
2648 E:\Program Files\UltraMon\UltraMon.exe
2740 E:\Program Files\UltraMon\UltraMonTaskbar.exe
2940 E:\Program Files\Vista & XP Virtual Desktops\Virtual Desktops.exe
3624 E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
3752 E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
4020 E:\Program Files\Spyware Doctor\pctsAuxs.exe
312 E:\Program Files\Spyware Doctor\pctsSvc.exe
2776 E:\WINDOWS\system32\svchost.exe
2804 E:\WINDOWS\system32\Wacom_Tablet.exe
2848 E:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
2868 E:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
2928 E:\WINDOWS\system32\Wacom_Tablet.exe
584 E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
3196 E:\Program Files\3CX PhoneSystem\Bin\3CXSLDBServ.exe
3124 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
3356 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
3836 E:\WINDOWS\system32\wbem\wmiprvse.exe
2252 E:\Program Files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe
2588 E:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe
3712 E:\Program Files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe
4048 E:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe
676 E:\Program Files\3CX PhoneSystem\Bin\3CXCP.exe
272 E:\Program Files\3CX PhoneSystem\Bin\3CXFaxServer.exe
4148 E:\Program Files\3CX PhoneSystem\Bin\3CXIvrServer.exe
4192 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
4308 E:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe
4428 E:\Program Files\3CX PhoneSystem\Bin\3CXPO.exe
4632 E:\Program Files\3CX PhoneSystem\Bin\VCEHost.exe
5444 E:\WINDOWS\system32\svchost.exe
5948 E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
2660 E:\WINDOWS\system32\alg.exe
4120 E:\WINDOWS\system32\wscntfy.exe
4992 E:\WINDOWS\system32\svchost.exe
5220 E:\WINDOWS\system32\wuauclt.exe
5776 E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe
6788 E:\Program Files\USB over Network (Server)\usbserver.exe
16360 E:\Program Files\Messenger\msmsgs.exe
14520 E:\Mailtraq back up march2010\mailtraq.exe
9764 E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
17928 E:\WINDOWS\explorer.exe
25936 E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
6824 E:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
1784 E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
11060 E:\Program Files\TeamViewer\Version5\TeamViewer.exe
3248 E:\Program Files\Mozilla Firefox\firefox.exe
34504 E:\Program Files\Java\jre6\bin\jqs.exe
18284 E:\Program Files\3CX PhoneSystem\Bin\Webserver\adn\FCGIDotNet_2_0.exe
21672 E:\Program Files\Windows Live\Messenger\msnmsgr.exe
27292 E:\Program Files\Windows Live\Contacts\wlcomm.exe
36484 E:\Documents and Settings\Andy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000003d`093b7e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000093`6d926c00 (NTFS)

PhysicalDrive0 Model Number: HitachiHDS721010CLA332, Rev: JP4OA39C

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

E:\Documents and Settings\Andy\Desktop\HAMeb_check.exe
30/09/2010 at 23:17:23.96

Account active No
Local Group Memberships

~~ Checking profile list ~~

S-1-5-21-1202660629-1214440339-1177238915-1000
%SystemDrive%\Documents and Settings\HelpAssistant

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


OTL logfile created on: 30/09/2010 23:20:09 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = E:\Documents and Settings\Andy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 244.14 Gb Total Space | 53.95 Gb Free Space | 22.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 345.57 Gb Total Space | 125.02 Gb Free Space | 36.18% Space Free | Partition Type: NTFS
Drive F: | 341.80 Gb Total Space | 150.77 Gb Free Space | 44.11% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRONTROOM
Current User Name: Andy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - E:\Documents and Settings\Andy\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - E:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXCP.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXFaxServer.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXPO.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXSLDBServ.exe (3CX Ltd)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe (3CX)
PRC - E:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe (3CX Ltd)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe (3CX)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXIvrServer.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe (3CX Software Ltd.)
PRC - E:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - E:\Program Files\3CX PhoneSystem\Bin\VCEHost.exe ()
PRC - E:\Program Files\Uniblue\SpeedUpMyPC\sump.exe (Uniblue Systems Limited)
PRC - E:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe (Aprelium)
PRC - E:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
PRC - E:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - E:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - E:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\Webserver\adn\FCGIDotNet_2_0.exe (Aprelium)
PRC - E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - E:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - E:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
PRC - E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe (IVT Corporation)
PRC - E:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - E:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
PRC - E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
PRC - E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - E:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - E:\Program Files\USB over Network (Server)\usbserver.exe (FabulaTech)
PRC - E:\WINDOWS\system32\ftusbsrv.exe (FabulaTech)
PRC - E:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe (Ipswitch)
PRC - E:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - E:\WINDOWS\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
PRC - E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - E:\Program Files\UltraMon\UltraMon.exe (Realtime Soft Ltd)
PRC - E:\Program Files\UltraMon\UltraMonTaskbar.exe (Realtime Soft Ltd)
PRC - E:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe (Uniblue)
PRC - E:\Program Files\Vista & XP Virtual Desktops\Virtual Desktops.exe (Z-Systems)
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
PRC - e:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - E:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - E:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - E:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - E:\WINDOWS\VMSnap3.exe (Vimicro)
PRC - E:\WINDOWS\system32\Crypserv.exe (Kenonic Controls Ltd.)
PRC - E:\Mailtraq back up march2010\mailtraq.exe (Fastraq Limited)


========== Modules (SafeList) ==========

MOD - E:\Documents and Settings\Andy\Desktop\OTL.exe (OldTimer Tools)
MOD - E:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - E:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - E:\Program Files\UltraMon\RTSUltraMonHook.dll (Realtime Soft Ltd)
MOD - E:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - E:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TeamViewer5) -- E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (3CXConferenceRoom) -- E:\Program Files\3CX PhoneSystem\Bin\3CXCP.exe (3CX Software Ltd.)
SRV - (3CXTunnel) -- E:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe (3CX Software Ltd.)
SRV - (3CXPhoneSystem) -- E:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe (3CX Software Ltd.)
SRV - (3CXFAXSrv) -- E:\Program Files\3CX PhoneSystem\Bin\3CXFaxServer.exe (3CX Software Ltd.)
SRV - (3CXParkOrbit) -- E:\Program Files\3CX PhoneSystem\Bin\3CXPO.exe (3CX Software Ltd.)
SRV - (3CXCfgServ) -- E:\Program Files\3CX PhoneSystem\Bin\3CXSLDBServ.exe (3CX Ltd)
SRV - (3CXCallHistoryService) -- E:\Program Files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe (3CX)
SRV - (3CXAssistantServer) -- E:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe (3CX Ltd)
SRV - (3CXVBoxMgr) -- E:\Program Files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe (3CX)
SRV - (3CXIvr) -- E:\Program Files\3CX PhoneSystem\Bin\3CXIvrServer.exe (3CX Software Ltd.)
SRV - (3CXMediaServer) -- E:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe (3CX Software Ltd.)
SRV - (SbieSvc) -- E:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (3CXQueueManager) -- E:\Program Files\3CX PhoneSystem\Bin\VCEHost.exe ()
SRV - (AbyssWebServer) -- E:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe (Aprelium)
SRV - (KiesAllShare) -- E:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe ()
SRV - (FsUsbExService) -- E:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (dgdersvc) -- E:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (Macromedia Licensing Service) -- E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (MBAMService) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (3CX PhoneSystem Database Server) -- E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (sdCoreService) -- E:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- E:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (BlueSoleilCS) -- E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsMobileCS) -- E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe (IVT Corporation)
SRV - (TabletServiceWacom) -- E:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (BsHelpCS) -- E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (Browser Defender Update Service) -- E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (McComponentHostService) -- E:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SwitchBoard) -- E:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (uvnc_service) -- E:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (ftusbsrv) USB over Network (Server) -- E:\WINDOWS\system32\ftusbsrv.exe (FabulaTech)
SRV - (fsssvc) -- E:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (ServiceLayer) -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Uniblue DiskRescue) -- E:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe (Uniblue)
SRV - (NOD32FiXTemDono) -- E:\WINDOWS\System32\regedt32.exe (Microsoft Corporation)
SRV - (VMCService) -- E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (EhttpSrv) -- E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- E:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (PSI_SVC_2) -- e:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- E:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (WinDefend) -- E:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Crypkey License) -- E:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Driver Services (SafeList) ==========

DRV - (btkrnl) -- E:\WINDOWS\System32\DRIVERS\btkrnl.sys File not found
DRV - (L1e) -- E:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (AtiHdmiService) -- E:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (StarOpen) -- E:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (SbieDrv) -- E:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (FsUsbExDisk) -- E:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (dgderdrv) -- E:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (mv2) -- E:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)
DRV - (MBAMProtector) -- E:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- E:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (teamviewervpn) -- E:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ati2mtag) -- E:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Btcsrusb) -- E:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (wacmoumonitor) -- E:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (ss_bmdm) -- E:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- E:\WINDOWS\system32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- E:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- E:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ftusbload) -- E:\WINDOWS\system32\drivers\ftusbload.sys (FabulaTech)
DRV - (ftusb) -- E:\WINDOWS\system32\drivers\ftusb.sys ()
DRV - (Ser2pl) -- E:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (GUCI_AVS) Generic USB Controller Interface (AVS) -- E:\WINDOWS\system32\drivers\GUCI_AVS.sys (PixArt Imaging Incorporation)
DRV - (btnetBUs) -- E:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (BtHidBus) -- E:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (wacomvhid) -- E:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (fssfltr) -- E:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (RTL8187B) -- E:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (BT) -- E:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- E:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (VcommMgr) -- E:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- E:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (CH341SER) -- E:\WINDOWS\system32\drivers\CH341SER.SYS (www.winchiphead.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mcdbus) -- E:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (UltraMonUtility) -- E:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft Ltd)
DRV - (pccsmcfd) -- E:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- E:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (NwlnkIpx) -- E:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- E:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- E:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- E:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (hwdatacard) -- E:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (epfwtdir) -- E:\WINDOWS\system32\drivers\epfwtdir.sys ()
DRV - (easdrv) -- E:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- E:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (AsIO) -- E:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (vvftav303) -- E:\WINDOWS\system32\drivers\vvftav303.sys (Vimicro Corporation)
DRV - (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH) -- E:\WINDOWS\system32\drivers\usbVM303.sys (Vimicro Corporation)
DRV - (wacommousefilter) -- E:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (BTNetFilter) -- E:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
DRV - (Monfilt) -- E:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Pnp680r) -- E:\WINDOWS\system32\DRIVERS\pnp680r.sys (Silicon Image, Inc)
DRV - (iteraid) -- E:\WINDOWS\system32\DRIVERS\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (MTsensor) -- E:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (NetworkX) -- E:\WINDOWS\system32\ckldrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pctools.c...c/fix_homepage/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - E:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: E:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/04 00:40:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/09/16 21:15:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/09/16 21:15:54 | 000,000,000 | ---D | M]

[2010/03/28 22:00:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Extensions
[2010/09/30 00:54:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions
[2010/09/24 11:26:42 | 000,000,000 | ---D | M] (Forecastfox Weather) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/08/19 22:23:38 | 000,000,000 | ---D | M] (Radio Bar 1 Toolbar) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}
[2010/03/28 22:09:13 | 000,000,000 | ---D | M] (Shooter) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
[2010/03/28 22:09:13 | 000,000,000 | ---D | M] (PDF Download) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/06/23 09:24:06 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{38fc2fbc-9500-46e7-8bc5-b128acd9e143}
[2010/09/24 11:26:40 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010/09/01 14:18:13 | 000,000,000 | ---D | M] (View Source Chart) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2010/08/26 11:56:55 | 000,000,000 | ---D | M] (ColorZilla) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/03/28 22:09:12 | 000,000,000 | ---D | M] (Live HTTP Headers) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/06/13 21:16:03 | 000,000,000 | ---D | M] (FireFTP) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/08/19 22:23:32 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/03/28 22:09:11 | 000,000,000 | ---D | M] (Web Developer) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/08/19 22:23:39 | 000,000,000 | ---D | M] (Adblock Plus) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/19 22:23:33 | 000,000,000 | ---D | M] (ViewSourceWith) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2010/09/24 11:26:41 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\en-US@dictionaries.addons.mozilla.org
[2010/03/28 22:09:16 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\howtovideosidebar@wonderhowto.com
[2010/03/28 22:09:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\toolbar@ask.com
[2010/04/11 09:50:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions
[2010/03/28 22:08:02 | 000,000,000 | ---D | M] (Forecastfox) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/03/28 22:08:01 | 000,000,000 | ---D | M] (Radio Bar 1 Toolbar) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}
[2010/03/28 22:07:58 | 000,000,000 | ---D | M] (Shooter) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
[2010/03/28 22:07:58 | 000,000,000 | ---D | M] (PDF Download) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/03/28 22:07:57 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{38fc2fbc-9500-46e7-8bc5-b128acd9e143}
[2010/03/28 22:07:56 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010/03/28 22:07:51 | 000,000,000 | ---D | M] (View Source Chart) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2010/03/28 22:07:51 | 000,000,000 | ---D | M] (Live HTTP Headers) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/03/28 22:07:50 | 000,000,000 | ---D | M] (FireFTP) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/11 09:50:39 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/03/28 22:07:48 | 000,000,000 | ---D | M] (Web Developer) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/03/28 22:07:48 | 000,000,000 | ---D | M] (Adblock Plus) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/28 22:07:47 | 000,000,000 | ---D | M] (Dafizilla ViewSourceWith) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2010/03/28 22:08:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/03/28 22:08:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\howtovideosidebar@wonderhowto.com
[2010/03/28 22:08:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\toolbar@ask.com
[2010/02/04 17:45:40 | 000,002,254 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\askcom.xml
[2010/01/20 13:15:54 | 000,000,925 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\conduit.xml
[2010/03/27 13:12:51 | 000,003,224 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\ebay-uk.xml
[2010/03/08 01:12:11 | 000,001,631 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\thepiratebay.xml
[2010/03/08 01:12:03 | 000,005,626 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\watchcountcom.xml
[2010/09/30 00:54:15 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2010/09/29 17:04:32 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/29 17:13:58 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/01/06 00:27:44 | 000,060,928 | ---- | M] (Adobe Systems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/11 17:44:28 | 000,001,538 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/11 17:44:28 | 000,000,947 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/11 17:44:28 | 000,000,769 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/11 17:44:28 | 000,001,135 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/03 01:42:47 | 000,001,211 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - E:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - E:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - E:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - E:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] E:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [egui] E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GUCI_AVS] E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [ISTray] E:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LiveZilla] E:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PACTray] E:\WINDOWS\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAP7501_Monitor] E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SwitchBoard] E:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VMSnap3] E:\WINDOWS\VMSnap3.exe (Vimicro)
O4 - HKLM..\Run: [Windows Defender] E:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX600FW Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX600FW Series (Copy 1)] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [H/PC Connection Agent] E:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] E:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - HKCU..\Run: [SandboxieControl] E:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [SpeedUpMyPC] E:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/24 09:47:27 | 000,000,000 | -H-D | M]
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = E:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk = E:\WINDOWS\Installer\{D28ED536-CCD0-4F38-987C-A57177371172}\_F7A06503601447F2BE72B0.exe ()
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = E:\WINDOWS\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico ()
O4 - Startup: E:\Documents and Settings\Andy\Start Menu\Programs\Startup\MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: E:\Documents and Settings\Andy\Start Menu\Programs\Startup\Vista & XP Virtual Desktops.lnk = E:\Documents and Settings\Andy\Application Data\Microsoft\Installer\{F4735C64-9A74-4E48-894B-1CA5D83B99C8}\MainIcon.ico ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1269981272937 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - E:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: FolderControl - a9bb7b60-9ddd-428b-b704-836f2820c57e - E:\Program Files\Common Files\FolderControl\FolderControl.dll ()
O24 - Desktop WallPaper: E:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/16 19:14:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9c440b4a-5a20-11df-a396-acf24945de06}\Shell - "" = AutoRun
O33 - MountPoints2\{9c440b4a-5a20-11df-a396-acf24945de06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9c440b4b-5a20-11df-a396-acf24945de06}\Shell - "" = AutoRun
O33 - MountPoints2\{9c440b4b-5a20-11df-a396-acf24945de06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\S\Shell - "" = AutoRun
O33 - MountPoints2\S\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - E:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - E:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (67286130185207808)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/30 21:46:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Andy\Desktop\OTL.exe
[2010/09/29 17:14:18 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Java
[2010/09/28 20:18:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\system restore point
[2010/09/28 18:15:20 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\hijackthis logs
[2010/09/28 18:06:23 | 000,000,000 | ---D | C] -- E:\Program Files\Trend Micro
[2010/09/27 22:29:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2010/09/26 17:54:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\wind
[2010/09/26 17:54:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\150_Dreamweaver_Template
[2010/09/26 17:40:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\photoOptimizeHistoryDataBase
[2010/09/26 17:40:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\Ashampoo Photo Optimizer 3
[2010/09/26 16:49:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Ashampoo
[2010/09/26 16:46:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\ashampoo
[2010/09/26 16:46:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\ashampoo
[2010/09/26 16:46:10 | 000,000,000 | ---D | C] -- E:\Program Files\Ashampoo
[2010/09/24 18:28:57 | 000,039,520 | ---- | C] (Oki Data Corporation) -- E:\WINDOWS\System32\drivers\OPAPLPT.SYS
[2010/09/24 18:28:41 | 000,000,000 | ---D | C] -- E:\Program Files\Okidata
[2010/09/22 03:37:39 | 000,000,000 | ---D | C] -- E:\Program Files\USB over Network (Server)
[2010/09/22 03:37:39 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\FabulaTech
[2010/09/22 03:25:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\usb
[2010/09/19 00:16:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\Version Cue
[2010/09/19 00:16:44 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\AdobeStockPhotos
[2010/09/19 00:11:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/09/18 23:40:03 | 000,000,000 | ---D | C] -- E:\Program Files\Bonjour
[2010/09/18 23:19:12 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Macrovision Shared
[2010/09/18 22:57:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Adobe CS3
[2010/09/15 00:08:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\MM-Backup
[2010/09/15 00:06:39 | 000,000,000 | ---D | C] -- E:\Program Files\MM-Exporter
[2010/09/14 23:58:24 | 002,966,347 | ---- | C] (JOEXX ) -- E:\Documents and Settings\Andy\Desktop\MM-Exporter_233_Setup.exe
[2010/09/14 23:38:14 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\dreamweaversites
[2010/09/09 13:01:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\MagiCut6
[2010/09/09 12:58:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\MagiCut
[2010/09/09 12:58:02 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Wintertree
[2010/09/09 12:58:00 | 000,000,000 | ---D | C] -- E:\Program Files\MagiCut
[2010/09/05 07:08:38 | 000,000,000 | ---D | C] -- E:\Program Files\SignGo
[2010/09/05 07:08:38 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\SignGo
[2010/09/05 07:08:04 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Wise Installation Wizard
[2010/09/02 21:15:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\punto 2010
[2010/08/30 11:23:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\autodata lees
[2010/08/29 21:39:10 | 000,000,000 | ---D | C] -- E:\Program Files\3CX PhoneSystem
[2010/08/29 21:39:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\3CX
[2010/08/29 21:37:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Install
[2010/08/29 15:49:16 | 000,065,536 | ---- | C] (Kenonic Controls Ltd.) -- E:\WINDOWS\System32\Crypserv.exe
[2010/08/29 15:49:15 | 000,165,888 | ---- | C] (Kenonic Controls) -- E:\WINDOWS\Ckconfig.exe
[2010/08/29 15:49:01 | 000,724,992 | ---- | C] (Indigo Rose Corporation) -- E:\WINDOWS\iun6002.exe
[2010/08/29 15:48:45 | 000,000,000 | ---D | C] -- E:\Program Files\Visualtoolbox
[2010/08/29 15:16:03 | 000,000,000 | ---D | C] -- E:\Program Files\SignMax
[2010/08/28 22:41:26 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live Safety Center
[2010/08/28 13:08:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\DPA Software
[2010/08/28 10:38:16 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Defender
[2010/08/27 08:12:29 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
[2010/08/26 11:40:47 | 000,543,616 | ---- | C] (PixArt Imaging Incorporation) -- E:\WINDOWS\System32\drivers\GUCI_AVS.sys
[2010/08/26 11:40:47 | 000,007,168 | ---- | C] (PixArt Imaging Inc.) -- E:\WINDOWS\System32\COINST_080603.dll
[2010/08/26 11:40:42 | 000,114,688 | ---- | C] (PixArt Imaging Incorporation) -- E:\WINDOWS\System32\PixArt.ax
[2010/08/26 11:40:40 | 000,175,104 | ---- | C] (PixArt Imaging Incorporation) -- E:\WINDOWS\System32\GUCI_AVS.ax
[2010/08/26 11:40:40 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- E:\WINDOWS\System32\GUCI_AVS.dll
[2010/08/26 11:40:40 | 000,000,000 | ---D | C] -- E:\WINDOWS\PixArt
[2010/08/26 11:40:40 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\PAP7501
[2010/08/24 09:47:27 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2010/08/24 09:43:52 | 000,610,304 | ---- | C] (Sysinternals) -- E:\WINDOWS\SysInternals Bluescreen.scr
[2010/08/24 09:43:50 | 000,000,000 | ---D | C] -- E:\Program Files\Sysinternals Toolbox
[2010/08/24 08:58:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/08/24 08:23:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\HHD Software
[2010/08/24 07:47:37 | 000,051,200 | ---- | C] (Prolific Technology Inc.) -- E:\WINDOWS\System32\drivers\ser2pl.sys
[2010/08/24 07:47:36 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- E:\WINDOWS\System32\SER9PL.sys
[2010/08/24 07:46:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\serialdrivers
[2010/08/24 01:56:18 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\ActiveXperts
[2010/08/24 01:56:13 | 000,000,000 | ---D | C] -- E:\Program Files\ActiveXperts
[2010/08/22 20:52:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Application Data\Vodafone
[2010/08/22 17:14:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Uniblue
[2010/08/22 03:12:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\vehicletemplates
[2010/08/22 02:03:34 | 000,000,000 | ---D | C] -- E:\Program Files\MyFree Codec
[2010/08/22 01:59:55 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Publish Providers
[2010/08/22 01:55:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\Vegas Movie Studio HD Platinum 10.0 Projects
[2010/08/22 01:54:09 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Sony
[2010/08/22 01:12:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Sony Vegas Movie Studio HD Platinum 10.0.179
[2010/08/22 01:09:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Sony
[2010/08/22 01:09:44 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\Sony
[2010/08/22 01:01:08 | 000,000,000 | ---D | C] -- E:\Program Files\Sony
[2010/08/22 01:01:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Architect
[2010/08/22 01:00:23 | 000,000,000 | ---D | C] -- E:\Program Files\Sony Setup
[2010/08/22 00:43:27 | 000,000,000 | ---D | C] -- E:\Program Files\Fotosizer
[2010/08/21 19:59:06 | 000,100,224 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bserd.sys
[2010/08/21 19:59:04 | 000,123,648 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bmdm.sys
[2010/08/21 19:59:04 | 000,014,848 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2010/08/21 19:59:04 | 000,012,416 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2010/08/21 19:59:02 | 000,098,432 | ---- | C] (MCCI) -- E:\WINDOWS\System32\drivers\ss_bbus.sys
[2010/08/21 19:59:02 | 000,012,288 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2010/08/20 01:41:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Qualcomm_USB_Driver_2.0.3.9
[2010/08/20 01:38:55 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Samsung_AGERE_USB_Modem_Driver_4.40.4.0
[2010/08/20 00:30:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\Free Sound Recorder
[2010/08/20 00:30:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Free Sound Recorder
[2010/08/20 00:30:10 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioVisualization2.dll
[2010/08/20 00:30:10 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTTextToAudio2.dll
[2010/08/20 00:30:10 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- E:\WINDOWS\System32\NCTWMAFile2.dll
[2010/08/20 00:30:09 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- E:\WINDOWS\System32\NCTAudioFile2.dll
[2010/08/20 00:30:09 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioInformation2.dll
[2010/08/20 00:30:09 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioEditor2.dll
[2010/08/20 00:30:09 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioTransform2.dll
[2010/08/20 00:30:09 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioRecord2.dll
[2010/08/20 00:30:09 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioPlayer2.dll
[2010/08/20 00:30:08 | 000,835,584 | ---- | C] (NCT) -- E:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2010/08/20 00:30:05 | 000,000,000 | ---D | C] -- E:\Program Files\Free Sound Recorder
[2010/08/20 00:27:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Audacity
[2010/08/20 00:26:58 | 000,000,000 | ---D | C] -- E:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/20 00:17:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\Samsung
[2010/08/20 00:17:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/20 00:17:38 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\PC Suite
[2010/08/19 22:21:20 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\PCHealth
[2010/08/19 11:34:14 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/08/19 10:58:39 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Media Connect 2
[2010/08/19 10:49:46 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\Samsung_USB_Drivers
[2010/08/19 03:21:41 | 000,018,816 | ---- | C] (Nokia) -- E:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/08/19 02:14:09 | 000,217,088 | ---- | C] (Teruten) -- E:\WINDOWS\System32\FsUsbExService.Exe
[2010/08/19 02:10:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Samsung
[2010/08/19 02:09:57 | 000,000,000 | ---D | C] -- E:\Program Files\MarkAny
[2010/08/19 02:09:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Samsung
[2010/08/19 02:07:51 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\drivers\umdf
[2010/08/19 02:03:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\XPSViewer
[2010/08/19 02:03:53 | 000,000,000 | ---D | C] -- E:\Program Files\MSBuild
[2010/08/19 02:03:42 | 000,000,000 | ---D | C] -- E:\Program Files\Reference Assemblies
[2010/08/19 02:02:28 | 000,000,000 | ---D | C] -- E:\9174aeee9fa31e117e36
[2010/08/19 01:57:37 | 000,000,000 | -HSD | C] -- E:\Config.Msi
[2010/08/19 01:40:23 | 000,000,000 | ---D | C] -- E:\Program Files\Samsung
[2010/08/19 01:40:05 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Samsung
[2010/08/19 00:49:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\samsung unlocking software
[2010/08/19 00:48:03 | 000,012,416 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bcm.sys
[2010/08/19 00:47:59 | 000,012,288 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bwh.sys
[2010/08/15 19:47:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\3CX VoIP Phone
[2010/08/15 19:47:19 | 000,000,000 | ---D | C] -- E:\Program Files\3CXPhone
[2010/08/11 22:45:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest]
[2010/08/10 20:55:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Accounts
[2010/08/07 00:10:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Uniblue
[2010/08/07 00:10:07 | 000,000,000 | ---D | C] -- E:\Program Files\Uniblue
[2010/08/06 23:44:27 | 000,000,000 | ---D | C] -- E:\Program Files\MSECache
[2010/08/06 23:29:35 | 000,000,000 | ---D | C] -- E:\Program Files\docXConverter3
[2010/08/05 15:09:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Signlab7
[2010/08/02 01:01:54 | 000,360,580 | ---- | C] (eSellerate Inc.) -- E:\WINDOWS\eSellerateEngine.dll
[2010/08/02 01:01:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\docXConverter logs
[2010/08/02 01:01:52 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\eSellerate
[2010/08/01 23:59:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Templates 0001-0087
[2010/07/31 00:30:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\RAID Utility
[2010/07/31 00:29:42 | 000,024,539 | R--- | C] (Integrated Technology Express, Inc.) -- E:\WINDOWS\System32\drivers\iteraid.sys
[2010/07/27 20:13:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\updates
[2010/07/24 02:41:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\newrom
[2010/07/24 02:06:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\New Folder (4)
[2010/07/24 02:04:33 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\1.56.70.11
[2010/07/24 01:53:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\hardsplsd
[2010/07/24 00:59:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\hardsplv7
[2010/07/24 00:07:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\hardspl
[2010/07/23 23:55:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\mcool
[2010/07/23 23:47:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\spv m700
[2010/07/22 04:13:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Win_XP
[2010/07/22 03:36:41 | 000,000,000 | ---D | C] -- E:\Program Files\Silicon Image
[2010/07/22 03:35:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\win6
[2010/07/22 03:35:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil5
[2010/07/22 03:33:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil4
[2010/07/22 03:32:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil3
[2010/07/22 03:30:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil2
[2010/07/22 03:18:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil
[2010/07/21 00:31:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\osticket
[2010/07/19 11:46:24 | 000,040,024 | ---- | C] (3CX Ltd.) -- E:\WINDOWS\System32\3CXInstallationChecker.exe
[2010/07/15 09:18:24 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Tracing
[2010/07/15 00:04:46 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Silverlight
[2010/07/15 00:04:23 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Office Outlook Connector
[2010/07/15 00:03:21 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Sync Framework
[2010/07/15 00:02:00 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft SQL Server Compact Edition
[2010/07/15 00:00:35 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft
[2010/07/15 00:00:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Documents\microsoft
[2010/07/15 00:00:13 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live SkyDrive
[2010/07/14 23:59:42 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live
[2010/07/14 23:54:26 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Windows Live
[2010/07/14 23:47:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\Threat Expert
[2010/07/14 23:47:08 | 000,000,000 | ---D | C] -- E:\Program Files\MSN Toolbar
[2010/07/14 23:22:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\My Received Files
[2010/07/14 00:44:19 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Protexis
[2010/07/14 00:41:21 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Corel
[2010/07/14 00:40:40 | 000,000,000 | ---D | C] -- E:\Program Files\Corel
[2010/07/14 00:38:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\CorelDRAW_Graphics_Suite_X4_Keygen_AGAiN
[2010/07/13 20:37:45 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\SETUP (USB DRIVER)
[2010/07/13 20:25:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\RcIncidents
[2010/07/13 01:34:01 | 000,000,000 | R--D | C] -- E:\Sandbox
[2010/07/13 01:12:10 | 000,000,000 | ---D | C] -- E:\Program Files\Sandboxie
[2010/07/13 00:43:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\CorelDRAW Graphics Suite X4 v14.0.0.567 crack by donald.duck
[2010/07/13 00:31:18 | 000,795,936 | ---- | C] (Corel Corporation) -- E:\Documents and Settings\Andy\Desktop\crlutl.dll
[2010/07/13 00:31:17 | 011,994,400 | ---- | C] (Corel Corporation) -- E:\Documents and Settings\Andy\Desktop\CorelPP.dll
[2010/07/13 00:31:17 | 011,121,952 | ---- | C] (Corel Corporation) -- E:\Documents and Settings\Andy\Desktop\CorelDrw.dll
[2010/07/07 23:30:11 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\.yawcam
[2010/07/07 23:29:21 | 000,000,000 | ---D | C] -- E:\Program Files\Yawcam
[2010/07/07 23:19:33 | 000,000,000 | ---D | C] -- E:\WINDOWS\EffectResources
[2010/07/07 23:18:50 | 000,122,880 | ---- | C] (www.zsmc.com.cn) -- E:\WINDOWS\VM303Cap.exe
[2010/07/07 23:18:50 | 000,081,920 | ---- | C] (VM) -- E:\WINDOWS\System32\VM303STI.dll
[2010/07/07 23:18:50 | 000,049,152 | ---- | C] (Vimicro) -- E:\WINDOWS\VMSnap3.exe
[2010/07/07 23:18:50 | 000,046,592 | ---- | C] (Vimicro Cooperation) -- E:\WINDOWS\System32\VvFtCtrl.dll
[2010/07/07 23:18:49 | 001,474,560 | ---- | C] (Vimicro Corporation) -- E:\WINDOWS\System32\drivers\usbVM303.sys
[2010/07/07 23:18:49 | 000,475,136 | ---- | C] (Vimicro Corporation) -- E:\WINDOWS\System32\drivers\vvftav303.sys
[2010/07/07 23:18:49 | 000,262,218 | ---- | C] (Vimicro) -- E:\WINDOWS\System32\VM303Prp.Ax
[2010/07/07 23:18:49 | 000,102,400 | ---- | C] (Vimicro) -- E:\WINDOWS\System32\vvftprpav303.ax
[2010/07/07 23:18:33 | 000,000,000 | ---D | C] -- E:\Program Files\Vimicro
[2010/07/07 23:12:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\ChipTypedetector
[2010/07/05 20:31:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\leigh
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[13 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/30 23:18:48 | 000,000,113 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\computer intermittant.URL
[2010/09/30 21:46:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Andy\Desktop\OTL.exe
[2010/09/30 21:45:14 | 000,485,896 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\HAMeb_check.exe
[2010/09/30 21:44:28 | 000,133,632 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\RKUnhookerLE.EXE
[2010/09/30 21:43:53 | 000,080,384 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\MBRCheck.exe
[2010/09/30 21:33:07 | 006,553,600 | ---- | M] () -- E:\Documents and Settings\Andy\NTUSER.DAT
[2010/09/30 14:44:45 | 000,003,974 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\kaspersky.html
[2010/09/30 14:03:11 | 000,033,759 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\nadia.jpg
[2010/09/30 10:43:55 | 003,914,409 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Andymitchmitch.pdf
[2010/09/30 02:07:04 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/30 01:55:26 | 000,044,726 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\andy2.jpg
[2010/09/30 01:37:31 | 000,047,162 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Andy.jpg
[2010/09/29 17:12:13 | 000,000,825 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/09/29 13:38:32 | 000,001,436 | ---- | M] () -- E:\WINDOWS\Sandboxie.ini
[2010/09/28 18:06:26 | 000,001,982 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
[2010/09/27 22:29:03 | 000,000,832 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Widget Browser.lnk
[2010/09/27 22:28:27 | 001,327,375 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\widgetbrowser_468.air
[2010/09/26 17:40:45 | 000,000,874 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Optimizer 3.lnk
[2010/09/26 17:40:45 | 000,000,856 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Photo Optimizer 3.lnk
[2010/09/26 16:46:55 | 000,000,808 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Commander 8.lnk
[2010/09/26 16:46:55 | 000,000,790 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Photo Commander 8.lnk
[2010/09/24 18:39:12 | 000,512,960 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/24 18:39:12 | 000,436,796 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010/09/24 18:39:12 | 000,069,196 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010/09/24 18:35:52 | 000,006,547 | ---- | M] () -- E:\WINDOWS\System32\LOCALSERVICE.INI
[2010/09/24 18:35:42 | 000,000,262 | ---- | M] () -- E:\WINDOWS\tasks\RegistryBooster.job
[2010/09/24 18:34:16 | 000,002,427 | ---- | M] () -- E:\Documents and Settings\Andy\Start Menu\Programs\Startup\Vista & XP Virtual Desktops.lnk
[2010/09/24 18:34:14 | 000,002,299 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[2010/09/24 18:34:12 | 000,002,435 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
[2010/09/24 18:33:57 | 000,001,228 | ---- | M] () -- E:\WINDOWS\System32\bscs.ini
[2010/09/24 18:33:47 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/09/24 18:33:44 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/09/24 11:09:54 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/09/22 23:10:47 | 000,003,660 | -HS- | M] () -- E:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/09/22 21:51:52 | 003,760,472 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/22 03:37:40 | 000,000,730 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\USB over Network (Server).lnk
[2010/09/19 00:09:58 | 000,067,968 | ---- | M] () -- E:\Documents and Settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/18 01:07:47 | 000,002,681 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\1st4tees.ste
[2010/09/16 12:47:19 | 000,502,384 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\SDC10413.JPG
[2010/09/15 20:51:29 | 1639,705,446 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\maccs5.rar
[2010/09/15 00:12:15 | 001,454,115 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\MM-Backup.rar
[2010/09/15 00:06:43 | 000,000,790 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\MM-Exporter.lnk
[2010/09/14 23:57:11 | 002,966,347 | ---- | M] (JOEXX ) -- E:\Documents and Settings\Andy\Desktop\MM-Exporter_233_Setup.exe
[2010/09/14 17:58:27 | 000,004,957 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Anon Snowboard Logo.eps
[2010/09/14 17:58:27 | 000,004,957 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Anon Snowboard Logo.eps
[2010/09/12 02:20:07 | 000,000,000 | ---- | M] () -- E:\WINDOWS\MagiCut6.INI
[2010/09/10 23:22:33 | 000,096,068 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\PolicyAdjustmentDocuments_32345.pdf
[2010/09/09 12:58:35 | 000,001,671 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\MagiCut 6.lnk
[2010/09/08 22:48:49 | 000,001,000 | ---- | M] () -- E:\WINDOWS\win.ini
[2010/09/08 16:04:23 | 004,882,944 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Cutters-08092010.xls
[2010/09/06 14:23:31 | 000,068,592 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\create_ActionOriginPair=pr.pdf
[2010/09/06 09:16:51 | 000,025,488 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\nikoapp launcher2.jpg
[2010/09/06 09:08:06 | 000,006,787 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\nikoapp launcher.jpg
[2010/09/05 07:11:06 | 000,000,069 | ---- | M] () -- E:\WINDOWS\signgo.ini
[2010/09/05 07:08:43 | 000,001,639 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SignGo.lnk
[2010/08/29 22:16:08 | 001,049,658 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\novavox-x100p-se-installation-guide.pdf
[2010/08/29 21:19:45 | 000,002,240 | ---- | M] () -- E:\WINDOWS\System32\esnecil.ind
[2010/08/29 15:50:19 | 000,002,240 | ---- | M] () -- E:\WINDOWS\System32\esnecil.nlp
[2010/08/29 15:49:32 | 000,000,057 | ---- | M] () -- E:\WINDOWS\Crypkey.ini
[2010/08/29 15:49:05 | 000,018,281 | ---- | M] () -- E:\Program Files\irunin.ini
[2010/08/29 15:49:05 | 000,001,736 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Vistool 6 Programs.lnk
[2010/08/29 15:48:22 | 000,724,992 | ---- | M] (Indigo Rose Corporation) -- E:\WINDOWS\iun6002.exe
[2010/08/29 15:48:22 | 000,215,727 | ---- | M] () -- E:\Program Files\irunin.dat
[2010/08/29 15:48:22 | 000,015,938 | ---- | M] () -- E:\Program Files\irunin.lng
[2010/08/29 15:48:22 | 000,008,134 | ---- | M] () -- E:\Program Files\irunin.bmp
[2010/08/29 15:19:40 | 000,000,257 | ---- | M] () -- E:\WINDOWS\WinPCSIGN.INI
[2010/08/29 15:16:34 | 000,001,754 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\WinPCSIGN Pro 2010.lnk
[2010/08/28 13:08:04 | 000,001,407 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\FlexiSIGN-PRO Demonstraction CD.lnk
[2010/08/27 08:13:21 | 000,000,376 | ---- | M] () -- E:\WINDOWS\tasks\Uniblue DiskRescue 2009.job
[2010/08/27 08:12:49 | 000,000,808 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\DiskRescue 2009.lnk
[2010/08/27 08:12:49 | 000,000,790 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\DiskRescue 2009.lnk
[2010/08/26 19:03:41 | 000,000,069 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2010/08/26 11:40:49 | 000,000,803 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\amcap.lnk
[2010/08/24 09:58:53 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/24 09:58:51 | 000,000,340 | ---- | M] () -- E:\WINDOWS\tasks\AdobeAAMUpdater-1.0-FRONTROOM-Andy.job
[2010/08/24 08:23:28 | 000,002,303 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk
[2010/08/24 08:23:28 | 000,002,285 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Hex Editor Neo.lnk
[2010/08/24 01:56:25 | 000,000,019 | ---- | M] () -- E:\WINDOWS\info023
[2010/08/24 01:56:25 | 000,000,019 | ---- | M] () -- E:\WINDOWS\info022
[2010/08/24 01:56:18 | 000,000,807 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\ActiveComport.lnk
[2010/08/22 20:27:15 | 000,046,632 | ---- | M] (Atheros Communications, Inc.) -- E:\WINDOWS\System32\drivers\l1e51x86.sys
[2010/08/22 19:06:39 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) -- E:\WINDOWS\System32\drivers\AtiHdmi.sys
[2010/08/22 17:05:15 | 000,000,782 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PixelPerfect.lnk
[2010/08/22 17:05:15 | 000,000,764 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\PixelPerfect.lnk
[2010/08/22 01:59:03 | 000,002,564 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Register Vegas Movie Studio HD Platinum.htm
[2010/08/22 01:54:19 | 000,001,863 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Vegas Movie Studio HD Platinum 10.0.lnk
[2010/08/22 01:51:09 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2010/08/22 01:08:53 | 000,002,560 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Register DVD Architect Pro.htm
[2010/08/22 01:01:30 | 000,001,715 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\DVD Architect Pro 4.5.lnk
[2010/08/22 00:43:28 | 000,000,722 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk
[2010/08/22 00:43:28 | 000,000,704 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Fotosizer.lnk
[2010/08/20 00:27:27 | 000,000,739 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/08/20 00:17:23 | 000,001,614 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2010/08/20 00:14:39 | 000,002,006 | ---- | M] () -- E:\aqua_bitmap.cpp
[2010/08/19 22:22:14 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/08/19 22:19:12 | 000,000,101 | ---- | M] () -- E:\WINDOWS\System32\LOCALDEVICE.INI
[2010/08/19 22:13:50 | 000,005,632 | ---- | M] () -- E:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 11:38:56 | 000,000,810 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/19 11:37:41 | 000,023,392 | ---- | M] () -- E:\WINDOWS\System32\nscompat.tlb
[2010/08/19 11:37:41 | 000,016,832 | ---- | M] () -- E:\WINDOWS\System32\amcompat.tlb
[2010/08/19 10:57:20 | 000,316,640 | ---- | M] () -- E:\WINDOWS\WMSysPr9.prx
[2010/08/19 10:51:56 | 000,001,793 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
[2010/08/19 10:49:07 | 000,000,673 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2010/08/19 03:21:36 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/19 02:09:51 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2010/08/17 23:43:18 | 000,352,446 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Map for email.jpg
[2010/08/16 02:05:43 | 000,000,485 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to 1st4tees.lnk
[2010/08/16 02:05:37 | 000,000,555 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to 1st4cuttersandplotters.lnk
[2010/08/16 02:04:50 | 000,000,434 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to maxtor 160 websites.lnk
[2010/08/15 01:03:09 | 000,063,488 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\tshirt prices.doc
[2010/08/14 16:20:36 | 000,019,582 | ---- | M] () -- E:\WINDOWS\EPSTPLOG.BAK
[2010/08/13 18:42:49 | 002,937,856 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\WRT54GS-v4_1.06.3.002_fw(3).bin
[2010/08/13 03:20:04 | 002,937,856 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\WRT54GS-v4_1.06.3.002_fw.bin
[2010/08/13 00:11:32 | 000,394,621 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\WiFiMonster_v1.0.52.149_VGA.zip
[2010/08/11 23:06:34 | 1047,718,111 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest].zip
[2010/08/11 17:07:05 | 000,001,496 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\MagicISO.lnk
[2010/08/08 00:29:17 | 000,001,515 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/08 00:29:16 | 000,001,515 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/08/07 14:11:09 | 004,663,808 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Cutters-04082010.xls
[2010/08/07 00:10:28 | 000,000,752 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
[2010/08/07 00:10:28 | 000,000,734 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\PowerSuite.lnk
[2010/08/06 23:29:38 | 000,010,584 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\docXConverter (3).ini
[2010/08/06 23:29:38 | 000,000,135 | -H-- | M] () -- E:\Documents and Settings\Andy\Application Data\lakerda1967.sys
[2010/08/06 23:29:37 | 000,000,571 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\docXConverter.lnk
[2010/08/05 21:50:03 | 000,111,853 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\vinyl colour chart.jpg
[2010/08/05 16:55:43 | 000,174,644 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Picture 3.png
[2010/08/02 01:01:54 | 000,360,580 | ---- | M] (eSellerate Inc.) -- E:\WINDOWS\eSellerateEngine.dll
[2010/07/30 23:50:11 | 003,183,246 | -H-- | M] () -- E:\Documents and Settings\Andy\Local Settings\Application Data\IconCache.db
[2010/07/30 14:04:07 | 000,064,292 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\_IO Cable_PL-2303_Drivers - Generic_MacOS_MacOS 10.x_md_pl2303H_HX_X_dmg_v1.2.1r2.zip
[2010/07/29 21:02:17 | 003,914,388 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\jayjay.pdf
[2010/07/25 23:23:43 | 000,124,854 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\berth.jpg
[2010/07/25 23:13:33 | 000,199,692 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\passing.jpg
[2010/07/25 12:42:11 | 000,013,261 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\ uk-racer has sent a question about item #180534330869, that ending on 16-Aug-10 13_38_57 BST - QUALITY T-SHIRT VINYL - FLEX HEAT TRANSFER 520mm x 1m .htm
[2010/07/21 04:19:42 | 000,767,928 | ---- | M] () -- E:\WINDOWS\BDTSupport.dll
[2010/07/19 11:46:24 | 000,040,024 | ---- | M] (3CX Ltd.) -- E:\WINDOWS\System32\3CXInstallationChecker.exe
[2010/07/17 21:41:04 | 000,000,786 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to FILES.lnk
[2010/07/17 21:17:37 | 000,010,752 | ---- | M] () -- E:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 01:12:11 | 000,000,776 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Sandboxed Web Browser.lnk
[2010/07/13 01:12:11 | 000,000,776 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/07/07 23:29:33 | 000,001,626 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yawcam.lnk
[2010/07/07 23:29:33 | 000,001,536 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Yawcam.lnk
[2010/07/05 22:28:51 | 002,736,550 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Snap1.bmp
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[13 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/30 23:18:48 | 000,000,113 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\computer intermittant.URL
[2010/09/30 21:45:09 | 000,485,896 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\HAMeb_check.exe
[2010/09/30 21:44:27 | 000,133,632 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\RKUnhookerLE.EXE
[2010/09/30 21:43:52 | 000,080,384 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\MBRCheck.exe
[2010/09/30 14:44:45 | 000,003,974 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\kaspersky.html
[2010/09/30 14:03:10 | 000,033,759 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\nadia.jpg
[2010/09/30 10:43:46 | 003,914,409 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Andymitchmitch.pdf
[2010/09/30 01:55:25 | 000,044,726 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\andy2.jpg
[2010/09/30 01:37:22 | 000,047,162 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Andy.jpg
[2010/09/28 18:06:26 | 000,001,982 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
[2010/09/27 22:29:03 | 000,000,832 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Widget Browser.lnk
[2010/09/27 22:28:25 | 001,327,375 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\widgetbrowser_468.air
[2010/09/26 17:40:45 | 000,000,874 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Optimizer 3.lnk
[2010/09/26 17:40:45 | 000,000,856 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Photo Optimizer 3.lnk
[2010/09/26 16:46:55 | 000,000,808 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Commander 8.lnk
[2010/09/26 16:46:55 | 000,000,790 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Photo Commander 8.lnk
[2010/09/26 16:24:00 | 004,882,944 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Cutters-08092010.xls
[2010/09/24 18:28:56 | 000,000,785 | ---- | C] () -- E:\WINDOWS\System32\OPAPLPT.DAT
[2010/09/22 03:37:40 | 000,000,730 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\USB over Network (Server).lnk
[2010/09/16 14:40:32 | 000,004,957 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Anon Snowboard Logo.eps
[2010/09/16 13:31:08 | 000,502,384 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\SDC10413.JPG
[2010/09/15 20:46:13 | 1639,705,446 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\maccs5.rar
[2010/09/15 00:12:11 | 001,454,115 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\MM-Backup.rar
[2010/09/15 00:06:43 | 000,000,790 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\MM-Exporter.lnk
[2010/09/14 23:38:46 | 000,002,681 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\1st4tees.ste
[2010/09/14 21:57:10 | 000,004,957 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Anon Snowboard Logo.eps
[2010/09/12 02:20:07 | 000,000,000 | ---- | C] () -- E:\WINDOWS\MagiCut6.INI
[2010/09/11 23:26:03 | 738,789,632 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, FlashPaper 2, ColdFusion MX 7 Developer Edition, FreeHand MX 11.0.2, Ca.rar
[2010/09/10 23:22:32 | 000,096,068 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\PolicyAdjustmentDocuments_32345.pdf
[2010/09/09 12:58:35 | 000,001,671 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\MagiCut 6.lnk
[2010/09/07 01:06:35 | 1047,718,111 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest].zip
[2010/09/06 14:23:31 | 000,068,592 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\create_ActionOriginPair=pr.pdf
[2010/09/06 09:16:51 | 000,025,488 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\nikoapp launcher2.jpg
[2010/09/06 09:08:05 | 000,006,787 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\nikoapp launcher.jpg
[2010/09/05 07:11:06 | 000,000,069 | ---- | C] () -- E:\WINDOWS\signgo.ini
[2010/09/05 07:08:43 | 000,001,639 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SignGo.lnk
[2010/08/31 14:51:17 | 000,033,595 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\LiYu.csm
[2010/08/31 14:51:17 | 000,005,243 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\LiYuCut.csm
[2010/08/29 22:16:08 | 001,049,658 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\novavox-x100p-se-installation-guide.pdf
[2010/08/29 15:50:17 | 000,002,240 | ---- | C] () -- E:\WINDOWS\System32\esnecil.nlp
[2010/08/29 15:50:17 | 000,002,240 | ---- | C] () -- E:\WINDOWS\System32\esnecil.ind
[2010/08/29 15:49:32 | 000,000,057 | ---- | C] () -- E:\WINDOWS\Crypkey.ini
[2010/08/29 15:49:16 | 000,029,414 | ---- | C] () -- E:\WINDOWS\System32\Ckldrv.sys
[2010/08/29 15:49:15 | 000,027,648 | R--- | C] () -- E:\WINDOWS\Setup_ck.exe
[2010/08/29 15:49:15 | 000,018,432 | ---- | C] () -- E:\WINDOWS\Setup_ck.dll
[2010/08/29 15:49:15 | 000,011,776 | ---- | C] () -- E:\WINDOWS\Ckrfresh.exe
[2010/08/29 15:49:05 | 000,001,736 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Vistool 6 Programs.lnk
[2010/08/29 15:49:01 | 000,215,727 | ---- | C] () -- E:\Program Files\irunin.dat
[2010/08/29 15:49:01 | 000,018,281 | ---- | C] () -- E:\Program Files\irunin.ini
[2010/08/29 15:49:01 | 000,015,938 | ---- | C] () -- E:\Program Files\irunin.lng
[2010/08/29 15:49:01 | 000,008,134 | ---- | C] () -- E:\Program Files\irunin.bmp
[2010/08/29 15:19:33 | 000,000,257 | ---- | C] () -- E:\WINDOWS\WinPCSIGN.INI
[2010/08/29 15:16:52 | 000,028,809 | ---- | C] () -- E:\WINDOWS\System32\wpcs2k10.ico
[2010/08/29 15:16:34 | 000,001,754 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\WinPCSIGN Pro 2010.lnk
[2010/08/28 13:08:04 | 000,001,407 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\FlexiSIGN-PRO Demonstraction CD.lnk
[2010/08/28 10:41:22 | 000,000,330 | -H-- | C] () -- E:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/27 08:13:21 | 000,000,376 | ---- | C] () -- E:\WINDOWS\tasks\Uniblue DiskRescue 2009.job
[2010/08/27 08:12:49 | 000,000,808 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\DiskRescue 2009.lnk
[2010/08/27 08:12:49 | 000,000,790 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\DiskRescue 2009.lnk
[2010/08/26 11:40:47 | 000,002,157 | ---- | C] () -- E:\WINDOWS\System32\GUCI_AVS.ini
[2010/08/24 08:23:28 | 000,002,303 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk
[2010/08/24 08:23:28 | 000,002,285 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Hex Editor Neo.lnk
[2010/08/24 07:47:36 | 000,026,719 | ---- | C] () -- E:\WINDOWS\System32\SERSPL.VXD
[2010/08/24 01:56:25 | 000,000,019 | ---- | C] () -- E:\WINDOWS\info023
[2010/08/24 01:56:25 | 000,000,019 | ---- | C] () -- E:\WINDOWS\info022
[2010/08/24 01:56:18 | 000,000,807 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\ActiveComport.lnk
[2010/08/22 17:05:15 | 000,000,782 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PixelPerfect.lnk
[2010/08/22 17:05:15 | 000,000,764 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\PixelPerfect.lnk
[2010/08/22 01:55:50 | 000,002,564 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Register Vegas Movie Studio HD Platinum.htm
[2010/08/22 01:54:19 | 000,001,863 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Vegas Movie Studio HD Platinum 10.0.lnk
[2010/08/22 01:08:53 | 000,002,560 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Register DVD Architect Pro.htm
[2010/08/22 01:01:30 | 000,001,715 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\DVD Architect Pro 4.5.lnk
[2010/08/22 00:43:28 | 000,000,722 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk
[2010/08/22 00:43:28 | 000,000,704 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Fotosizer.lnk
[2010/08/20 00:30:10 | 000,113,486 | ---- | C] () -- E:\WINDOWS\System32\NCTWMAProfiles.prx
[2010/08/20 00:27:27 | 000,000,739 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/08/20 00:17:23 | 000,001,614 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2010/08/19 22:18:03 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/08/19 22:15:10 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/08/19 10:51:56 | 000,001,793 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
[2010/08/19 10:49:33 | 000,000,766 | ---- | C] () -- E:\WINDOWS\System32\Uninstall.ico
[2010/08/19 10:49:24 | 000,005,632 | ---- | C] () -- E:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 10:49:07 | 000,000,673 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2010/08/19 03:21:36 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/19 02:14:10 | 000,110,592 | ---- | C] () -- E:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/19 02:14:09 | 000,036,640 | ---- | C] () -- E:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/19 02:09:51 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2010/08/19 02:04:34 | 001,534,488 | ---- | C] () -- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/19 01:38:59 | 000,002,006 | ---- | C] () -- E:\aqua_bitmap.cpp
[2010/08/17 23:43:17 | 000,352,446 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Map for email.jpg
[2010/08/16 02:05:49 | 000,000,485 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to 1st4tees.lnk
[2010/08/16 02:05:40 | 000,000,555 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to 1st4cuttersandplotters.lnk
[2010/08/16 02:04:53 | 000,000,434 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to maxtor 160 websites.lnk
[2010/08/15 01:00:56 | 000,063,488 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\tshirt prices.doc
[2010/08/14 16:13:05 | 000,000,182 | ---- | C] () -- E:\WINDOWS\System32\EBPPORT.DAT
[2010/08/14 16:12:39 | 000,019,582 | ---- | C] () -- E:\WINDOWS\EPSTPLOG.BAK
[2010/08/13 18:42:49 | 002,937,856 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\WRT54GS-v4_1.06.3.002_fw(3).bin
[2010/08/13 03:22:10 | 002,937,856 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\WRT54GS-v4_1.06.3.002_fw.bin
[2010/08/13 02:54:27 | 003,122,208 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\WRT54GV4.0_4.21.1_US_code.bin
[2010/08/13 00:11:32 | 000,394,621 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\WiFiMonster_v1.0.52.149_VGA.zip
[2010/08/07 14:10:51 | 004,663,808 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Cutters-04082010.xls
[2010/08/07 11:24:27 | 000,111,853 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\vinyl colour chart.jpg
[2010/08/07 00:10:40 | 000,000,262 | ---- | C] () -- E:\WINDOWS\tasks\RegistryBooster.job
[2010/08/07 00:10:28 | 000,000,752 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
[2010/08/07 00:10:28 | 000,000,734 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\PowerSuite.lnk
[2010/08/06 23:29:37 | 000,000,571 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\docXConverter.lnk
[2010/08/05 21:54:39 | 000,174,644 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Picture 3.png
[2010/08/02 01:01:54 | 000,000,135 | -H-- | C] () -- E:\Documents and Settings\Andy\Application Data\lakerda1967.sys
[2010/08/02 01:01:51 | 000,010,584 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\docXConverter (3).ini
[2010/07/31 18:33:25 | 000,086,584 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\LMS Hippy Chick.ttf
[2010/07/31 18:33:12 | 000,076,868 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\CHICK___.TTF
[2010/07/30 14:10:33 | 000,064,292 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\_IO Cable_PL-2303_Drivers - Generic_MacOS_MacOS 10.x_md_pl2303H_HX_X_dmg_v1.2.1r2.zip
[2010/07/29 21:10:16 | 003,914,388 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\jayjay.pdf
[2010/07/25 23:23:42 | 000,124,854 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\berth.jpg
[2010/07/25 23:13:32 | 000,199,692 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\passing.jpg
[2010/07/25 12:42:11 | 000,013,261 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\ uk-racer has sent a question about item #180534330869, that ending on 16-Aug-10 13_38_57 BST - QUALITY T-SHIRT VINYL - FLEX HEAT TRANSFER 520mm x 1m .htm
[2010/07/22 03:36:42 | 000,002,435 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
[2010/07/17 21:41:04 | 000,000,786 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to FILES.lnk
[2010/07/13 01:12:31 | 000,000,776 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Sandboxed Web Browser.lnk
[2010/07/13 01:12:31 | 000,000,776 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/07/13 01:12:28 | 000,001,436 | ---- | C] () -- E:\WINDOWS\Sandboxie.ini
[2010/07/07 23:29:33 | 000,001,626 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yawcam.lnk
[2010/07/07 23:29:33 | 000,001,536 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Yawcam.lnk
[2010/07/07 23:20:12 | 000,126,976 | ---- | C] () -- E:\WINDOWS\System32\vmcoinst_zc0301plh.dll
[2010/07/07 23:18:49 | 000,122,880 | ---- | C] () -- E:\WINDOWS\rm303b.exe
[2010/07/07 23:18:49 | 000,049,152 | ---- | C] () -- E:\WINDOWS\Domino.exe
[2010/07/07 23:18:33 | 000,000,803 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\amcap.lnk
[2010/07/05 22:32:25 | 002,736,550 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Snap1.bmp
[2010/06/24 11:48:21 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2010/06/10 09:22:17 | 000,767,928 | ---- | C] () -- E:\WINDOWS\BDTSupport.dll
[2010/05/26 17:38:05 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\$_hpcst$.hpc
[2010/05/07 22:59:38 | 000,010,752 | ---- | C] () -- E:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 06:54:16 | 000,974,848 | ---- | C] () -- E:\WINDOWS\System32\cis-2.4.dll
[2010/05/07 06:54:16 | 000,081,920 | ---- | C] () -- E:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010/05/07 06:54:16 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010/05/07 06:54:16 | 000,057,344 | ---- | C] () -- E:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/04/15 12:20:18 | 000,003,730 | ---- | C] () -- E:\WINDOWS\System32\SHORTCUT.INI
[2010/04/15 12:03:12 | 000,000,384 | ---- | C] () -- E:\WINDOWS\System32\REMOTEDEVICE.INI
[2010/04/15 12:03:07 | 000,006,547 | ---- | C] () -- E:\WINDOWS\System32\LOCALSERVICE.INI
[2010/04/15 12:03:05 | 000,000,101 | ---- | C] () -- E:\WINDOWS\System32\LOCALDEVICE.INI
[2010/04/15 11:54:46 | 000,000,000 | ---- | C] () -- E:\WINDOWS\System32\BSPRINT.INI
[2010/04/13 23:31:22 | 000,000,534 | ---- | C] () -- E:\WINDOWS\FileExpress.INI
[2010/04/08 12:53:38 | 000,000,000 | ---- | C] () -- E:\WINDOWS\PROTOCOL.INI
[2010/04/07 00:02:03 | 000,003,660 | -HS- | C] () -- E:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/07 00:02:03 | 000,000,008 | RHS- | C] () -- E:\Documents and Settings\All Users\Application Data\AC63B5DBA3.sys
[2010/03/29 01:29:26 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2010/03/28 17:57:29 | 002,453,504 | ---- | C] () -- E:\Program Files\UltraMon_3.0.3_en_x32.msi
[2010/03/28 14:36:56 | 000,024,576 | R--- | C] () -- E:\WINDOWS\System32\AsIO.dll
[2010/03/28 14:36:56 | 000,012,400 | R--- | C] () -- E:\WINDOWS\System32\drivers\AsIO.sys
[2010/03/28 14:36:54 | 000,011,832 | ---- | C] () -- E:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/03/28 14:36:54 | 000,010,216 | ---- | C] () -- E:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/03/28 14:27:19 | 000,005,810 | R--- | C] () -- E:\WINDOWS\System32\drivers\ASACPI.sys
[2010/03/28 14:27:11 | 000,001,769 | ---- | C] () -- E:\WINDOWS\Language_trs.ini
[2010/03/28 14:27:08 | 000,021,891 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini
[2010/03/28 14:27:08 | 000,010,296 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/03/18 11:28:44 | 000,916,849 | ---- | C] () -- E:\WINDOWS\System32\libiconv-2.dll
[2010/03/18 11:28:44 | 000,188,491 | ---- | C] () -- E:\WINDOWS\System32\libpq.dll
[2010/03/18 11:28:44 | 000,110,592 | ---- | C] () -- E:\WINDOWS\System32\pgxalib.dll
[2010/03/18 11:28:44 | 000,094,208 | ---- | C] () -- E:\WINDOWS\System32\pgenlista.dll
[2010/03/18 11:28:44 | 000,094,208 | ---- | C] () -- E:\WINDOWS\System32\pgenlist.dll
[2010/03/18 11:28:44 | 000,051,016 | ---- | C] () -- E:\WINDOWS\System32\libintl-2.dll
[2010/03/10 09:45:02 | 000,001,228 | ---- | C] () -- E:\WINDOWS\System32\bscs.ini
[2010/03/08 14:13:10 | 000,028,672 | ---- | C] () -- E:\WINDOWS\System32\BsMobileCSps.dll
[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- E:\WINDOWS\System32\BsVistaCommon.dll
[2009/12/01 13:58:24 | 000,017,400 | ---- | C] () -- E:\WINDOWS\System32\drivers\ftusb.sys
[2009/10/06 08:16:00 | 000,819,200 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2008/12/07 12:44:54 | 000,029,192 | ---- | C] () -- E:\WINDOWS\System32\drivers\btnetBus.sys
[2008/03/07 16:43:56 | 000,084,734 | R--- | C] () -- E:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/03/07 13:47:30 | 000,020,270 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2008/02/20 11:11:16 | 000,033,800 | ---- | C] () -- E:\WINDOWS\System32\drivers\epfwtdir.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- E:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/08/29 21:39:10 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\3CX
[2010/04/20 23:03:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/09/26 16:46:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ashampoo
[2010/04/11 09:52:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/29 18:22:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\EPSON
[2010/03/28 20:22:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ESET
[2010/04/15 11:52:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Installations
[2010/09/09 12:58:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MagiCut
[2010/08/20 00:17:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/19 01:29:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Qarbon
[2010/05/04 00:42:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/20 00:14:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Samsung
[2010/08/22 01:54:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Sony
[2010/05/07 22:55:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TechSmith
[2010/09/30 20:33:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/29 18:19:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\UDL
[2010/05/20 14:58:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Vodafone
[2010/05/09 00:11:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\xilisoft
[2010/05/22 15:15:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{7269BE79-5722-4259-B764-61F0045B02FF}
[2010/08/27 08:12:51 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
[2010/04/20 23:04:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\ACD Systems
[2010/09/26 16:49:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Ashampoo
[2010/05/31 13:51:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Aston2
[2010/08/27 22:17:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Audacity
[2010/09/28 19:35:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Azureus
[2010/09/27 22:29:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2010/08/28 13:08:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\DPA Software
[2010/03/28 20:36:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\eBay
[2010/04/09 11:29:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\EPSON
[2010/06/26 10:31:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Facebook
[2010/08/20 00:30:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Free Sound Recorder
[2010/08/29 21:37:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Install
[2010/04/03 12:11:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\IrfanView
[2010/09/09 13:02:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\MagiCut6
[2010/04/09 00:21:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\mojosoft
[2010/08/20 00:17:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\PC Suite
[2010/08/22 01:59:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Publish Providers
[2010/04/19 01:29:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Qarbon
[2010/08/20 00:14:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Samsung
[2010/05/07 13:41:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\SignCut
[2010/09/05 13:47:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\SignGo
[2010/08/22 02:00:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Sony
[2010/04/04 14:56:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\TeamViewer
[2010/08/27 08:14:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Uniblue
[2010/05/20 14:59:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Vodafone
[2010/05/09 00:06:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Z-Systems
[2010/09/30 02:07:04 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/09/24 18:35:42 | 000,000,262 | ---- | M] () -- E:\WINDOWS\Tasks\RegistryBooster.job
[2010/08/27 08:13:21 | 000,000,376 | ---- | M] () -- E:\WINDOWS\Tasks\Uniblue DiskRescue 2009.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/28 17:36:46 | 047,594,848 | ---- | M] (Advanced Micro Devices, Inc.) -- E:\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/08/20 00:14:39 | 000,002,006 | ---- | M] () -- E:\aqua_bitmap.cpp
[2010/04/10 12:44:44 | 000,007,640 | ---- | M] () -- E:\InstallHelper.log
[2010/09/28 20:16:28 | 000,006,662 | ---- | M] () -- E:\JavaRa.log
[2010/08/21 20:51:28 | 2145,386,496 | -HS- | M] () -- E:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/03/28 14:06:33 | 000,000,067 | -HS- | M] () -- E:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2005/08/01 11:25:00 | 000,610,304 | ---- | M] (Sysinternals) -- E:\WINDOWS\SysInternals Bluescreen.scr
[2008/09/28 23:34:40 | 000,230,400 | ---- | M] (Realtime Soft Ltd) -- E:\WINDOWS\UltraMon.scr
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\WLXPGSS.SCR
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/08/29 15:48:22 | 000,008,134 | ---- | M] () -- E:\Program Files\irunin.bmp
[2010/08/29 15:48:22 | 000,215,727 | ---- | M] () -- E:\Program Files\irunin.dat
[2010/08/29 15:49:05 | 000,018,281 | ---- | M] () -- E:\Program Files\irunin.ini
[2010/08/29 15:48:22 | 000,015,938 | ---- | M] () -- E:\Program Files\irunin.lng
[2008/11/18 20:44:44 | 002,453,504 | ---- | M] () -- E:\Program Files\UltraMon_3.0.3_en_x32.msi

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/28 14:53:02 | 000,098,304 | ---- | M] () -- E:\WINDOWS\system32\config\default.sav
[2010/03/28 14:53:02 | 001,089,536 | ---- | M] () -- E:\WINDOWS\system32\config\software.sav
[2010/03/28 14:53:01 | 000,942,080 | ---- | M] () -- E:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/28 14:07:03 | 000,000,294 | -HS- | M] () -- E:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/28 14:15:20 | 000,000,119 | -HS- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/28 14:15:19 | 000,000,079 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/10/17 18:07:46 | 000,311,296 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\ActivationTool.exe
[2010/04/05 19:30:00 | 000,038,912 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\aston_2.00_KG.exe
[2010/03/23 21:46:43 | 016,194,111 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Aston_setup_2.0.0.exe
[2007/03/29 12:09:00 | 021,377,783 | ---- | M] (Macrovision Corporation) -- E:\Documents and Settings\Andy\Desktop\Driver_ZC0301PLH_Vista_Setup_070329.exe
[2010/09/30 21:45:14 | 000,485,896 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\HAMeb_check.exe
[2005/09/13 18:00:00 | 000,055,296 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\keygen.exe
[2010/09/30 21:43:53 | 000,080,384 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\MBRCheck.exe
[2010/09/14 23:57:11 | 002,966,347 | ---- | M] (JOEXX ) -- E:\Documents and Settings\Andy\Desktop\MM-Exporter_233_Setup.exe
[2010/09/30 21:46:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Andy\Desktop\OTL.exe
[2010/04/08 16:27:08 | 003,172,060 | ---- | M] (Macrovision Corporation) -- E:\Documents and Settings\Andy\Desktop\PL2303_Prolific_DriverInstaller_v1210.exe
[2010/07/15 10:41:22 | 003,172,584 | ---- | M] (Macrovision Corporation) -- E:\Documents and Settings\Andy\Desktop\PL2303_Prolific_DriverInstaller_v130.exe
[2008/01/20 14:21:48 | 000,211,384 | ---- | M] (FdcSoft) -- E:\Documents and Settings\Andy\Desktop\PPCPimBackup.exe
[2010/09/30 21:44:28 | 000,133,632 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\RKUnhookerLE.EXE
[2003/03/23 04:21:00 | 000,036,864 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\SPVUnlock.exe
[2010/04/27 20:46:31 | 002,843,056 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\TeamViewer_Setup(4).exe
[2010/06/22 15:41:28 | 002,906,488 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\TeamViewer_Setup(5).exe
[2009/07/06 11:15:51 | 002,306,955 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\UltraMon_3.0.3_en_x32.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/03/28 14:15:19 | 000,000,122 | -HS- | M] () -- E:\Documents and Settings\Andy\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/30 23:25:59 | 000,049,152 | ---- | M] () -- E:\Documents and Settings\Andy\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\inf\unregmp2.exe
[2006/06/25 07:48:54 | 000,032,768 | R--- | M] (AsusTek Inc.) -- E:\WINDOWS\inf\UpdateUSB.exe

< %SYSTEMROOT%\Installer\*.exe >
[2010/07/13 01:11:51 | 000,735,984 | ---- | M] (tzuk) -- E:\WINDOWS\Installer\SandboxieInstall32.exe
[1 E:\WINDOWS\Installer\*.tmp files -> E:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[1 E:\WINDOWS\Installer\*.tmp files -> E:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/05/09 14:10:36 | 000,001,078 | ---- | M] () -- E:\WINDOWS\system32\PXI.ico
[2005/08/28 20:51:42 | 000,000,766 | ---- | M] () -- E:\WINDOWS\system32\Uninstall.ico
[2010/02/11 15:19:44 | 000,028,809 | ---- | M] () -- E:\WINDOWS\system32\wpcs2k10.ico
[13 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/09/30 21:33:07 | 006,553,600 | ---- | M] () -- E:\Documents and Settings\Andy\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2002/06/07 04:00:00 | 000,028,160 | ---- | M] (SEIKO EPSON CORP.) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\EPIBSR30.EXE
[2002/06/28 05:55:00 | 000,411,904 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
[2002/08/23 06:06:18 | 000,045,056 | ---- | M] (SEIKO EPSON Corporation) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\EPUTIX24.EXE
[2008/09/12 01:11:00 | 000,483,328 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\EREGISTR.EXE
[1999/03/08 03:00:00 | 000,148,992 | ---- | M] (SEIKO EPSON CORP.) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_DMSG00.EXE
[2002/07/30 04:00:00 | 000,142,848 | ---- | M] (SEIKO EPSON CORP.) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_DPPE03.EXE
[2009/02/24 14:38:04 | 000,309,152 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA30.EXE
[2007/11/15 05:02:00 | 000,175,616 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTEKE.EXE
[2008/01/07 05:04:00 | 000,159,744 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNEKE.EXE
[2008/03/05 06:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEKE.EXE
[2007/12/17 01:03:00 | 000,177,152 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBCSEKE.EXE
[2008/03/31 10:25:00 | 000,105,984 | ---- | M] (SEIKO EPSON Corporation) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTEKE.EXE
[2009/05/21 07:05:00 | 000,808,888 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FINSEKE.EXE
[2009/03/10 04:00:00 | 000,204,800 | ---- | M] (SEIKO EPSON CORP.) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPREEKE.EXE
[2002/07/01 02:02:00 | 000,062,464 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_S00RP2.EXE
[2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_S40RP7.EXE
[2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_S40ST7.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2010/08/29 21:19:45 | 000,000,000 | ---D | M](E:\WINDOWS\System32\?) -- E:\WINDOWS\System32\
[2010/08/29 21:19:45 | 000,000,000 | ---D | C](E:\WINDOWS\System32\?) -- E:\WINDOWS\System32\

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> E:\Documents and Settings\All Users\DRM:مايكروسوفت
@Alternate Data Stream - 205 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


OTL Extras logfile created on: 30/09/2010 23:20:09 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = E:\Documents and Settings\Andy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 244.14 Gb Total Space | 53.95 Gb Free Space | 22.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 345.57 Gb Total Space | 125.02 Gb Free Space | 36.18% Space Free | Partition Type: NTFS
Drive F: | 341.80 Gb Total Space | 150.77 Gb Free Space | 44.11% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRONTROOM
Current User Name: Andy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "E:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "E:\Program Files\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [Bridge] -- E:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5481:TCP" = 5481:TCP:*:Enabled:3CX Phone System Abyss Web Server
"5486:UDP" = 5486:UDP:*:Enabled:3CX Assistant Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe" = E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe" = E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe" = E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = E:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Mailtraq back up march2010\dbsearch.exe" = E:\Mailtraq back up march2010\dbsearch.exe:*:Enabled:dbsearch -- File not found
"E:\Mailtraq back up march2010\mailtraq.exe" = E:\Mailtraq back up march2010\mailtraq.exe:*:Enabled:Mailtraq Server -- (Fastraq Limited)
"E:\Program Files\UltraVNC\winvnc.exe" = E:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"E:\Program Files\UltraVNC\vncviewer.exe" = E:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- (IVT Corporation)
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe" = E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe" = E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe" = E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = E:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"E:\Program Files\Vuze\Azureus.exe" = E:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"E:\Program Files\3CXPhone\3CXPhone.exe" = E:\Program Files\3CXPhone\3CXPhone.exe:*:Enabled:3CXPhone -- (3CX Ltd)
"E:\WINDOWS\system32\muzapp.exe" = E:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"E:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe" = E:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe:*:Enabled:3CX Assistant Server -- (3CX Ltd)
"E:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe" = E:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe:*:Enabled:3CX PhoneSystem Media Server -- (3CX Software Ltd.)
"E:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe" = E:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe:*:Enabled:3CX SIP/RTP Tunneling Proxy -- (3CX Software Ltd.)
"E:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe" = E:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe:*:Enabled:3CX Phone System Server -- (3CX Software Ltd.)
"E:\WINDOWS\system32\ftusbsrv.exe" = E:\WINDOWS\system32\ftusbsrv.exe:*:Enabled:USB over Network Server service -- (FabulaTech)
"E:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = E:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"E:\Program Files\TeamViewer\Version5\TeamViewer.exe" = E:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02A3343C-028E-62D3-E193-AC15E8508B64}" = Catalyst Control Center Graphics Light
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{042961FE-BE09-48AB-81FB-C0D4093043A1}" = Sony DVD Architect Pro 4.5
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{063BD2FA-85DE-0A14-F266-7BD869F719BA}" = Catalyst Control Center Graphics Full New
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C35EAE4-A535-46B7-B4BF-68952BD94E68}" = Uniblue DiskRescue 2009
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2894C259-B270-EFAA-3131-491B261E894A}" = ccc-utility
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{2EF08F62-7006-4322-A7B6-2E655240EDCD}" = eBay Blackthorne
"{2FB2169F-04D8-FFC0-6A66-80EE652B93A5}" = Catalyst Control Center InstallProxy
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{349EEF84-59E0-5B35-182D-50948D7DB592}" = ccc-core-static
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362483B1-91EB-4CB4-B9BB-3B4B4C644404}" = ZC0301PLH_Driver_Setup
"{3F0BC93F-DB14-4CBE-9E58-3861330782C0}" = BlueSoleil 6.4.305.0
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{411F2966-4ADA-4B43-B5A3-E778DE117050}" = WinPCSIGN Pro 2010 DEMO
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6B1116-E9C1-4480-41B5-35290C1EFD3B}" = ccc-core-preinstall
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68B71883-DC08-4967-87EF-3C92C6C4AB0B}" = 3CXPhone
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7498A596-CF11-423C-9F0C-CE8D1B0D85C6}" = WinPCSIGN Pro 2010 DEMO
"{77C80DAB-4C40-ACD2-E645-FD3E1F05EA90}" = CCC Help English
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85D867A8-BFC4-468C-8FC7-8C0D3FEC44DE}" = MagiCut 6
"{8717338B-361B-433B-998E-F7FEA8D966A4}" = ActiveComport Serial Port Toolkit 3.1
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{952D88D2-3E6F-4E40-8553-8070FEFCE5CD}" = Adobe Creative Suite 5 Master Collection
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9DF02D31-7011-425C-832D-AE5EF886BF5D}" = SignGo
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A338DA34-2A06-40B0-A4BA-8C211EA95498}_is1" = MM-Exporter 2.3.3
"{A517FD5C-9A81-44C2-9D61-64FE3D2C4E43}" = USB over Network (Server) 4.3
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A7651FB4-AC2E-4020-90E2-B71C8C379F48}" = Macromedia Captivate
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}" = VIMICRO USB PC Camera (ZC0301PLH)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2A3667C-8CB4-FD78-807F-6861EA9CDDB2}" = SonicShack Design Studio
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{B87F2B5D-99D0-42B8-A34E-5AA549D6E220}" = 3CX PhoneSystem
"{B905C2C6-E171-4D6A-B235-EDECF1F5EFB1}" = Samsung PC Studio 3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{BF6B3449-92A5-4EAA-B97D-0EE3B73BA740}" = OKI Profile Assistant
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2F8A93B-52A9-B08F-FDFF-486CEBF89605}" = Adobe Widget Browser
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = USB2.0 PC Camera(0050.2010.0119.3009)
"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
"{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}" = UltraMon
"{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}" = SOTI Pocket Controller-Pro
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D28ED536-CCD0-4F38-987C-A57177371172}" = 0680-W-R SATARaid
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAE507C4-7E9E-B204-531C-A9306522D7A9}" = Catalyst Control Center Graphics Full Existing
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"{DD58AC0F-CE28-B5EA-72C4-08CE056A77EA}" = Catalyst Control Center HydraVision Full
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF1DB993-40FC-4695-A8B9-DB43FE8198DF}" = USB over Network (Server) 4.3
"{EFB786FD-D916-416B-A23A-1EBEAF4A9DDC}" = Adobe Flash Player 10 ActiveX
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0949359-3DA7-52EF-50E6-FDD6B9491E2D}" = Catalyst Control Center Graphics Previews Common
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}" = Catalyst Control Center InstallProxy
"{F4735C64-9A74-4E48-894B-1CA5D83B99C8}" = Vista/XP Virtual Desktops
"{F67CCC08-C544-A440-A47A-D60A25118CD1}" = Catalyst Control Center Core Implementation
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{F80DDFFD-D030-4CCC-AF03-BD8EEE5E20ED}" = General Module
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"370F970D5E7062280B50CB0E992F50C6DAB9E73E" = Windows Driver Package - Samsung Electronics Co., LTD (ss_bserd) Ports (09/19/2009 5.00.0.0)
"427AEA289D5472880C429F9C824A920BA154595B" = Windows Driver Package - Samsung Electronics Co., LTD (ss_bmdm) Modem (09/19/2009 5.00.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8420-2810-2006-8218" = ViewletBuilder6 Enterprise
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8.3.2
"Ashampoo Photo Optimizer 3_is1" = Ashampoo Photo Optimizer 3.12
"Aston2" = Aston 2.0.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BusinessCardsMX3_is1" = BusinessCardsMX 3.98
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CoffeeCup Web Form Builder - Registered" = CoffeeCup Web Form Builder - Registered
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"D6336B8FD7FAC973DF15525B8DB853BC282665F8" = Windows Driver Package - Samsung Electronics Co., LTD (ss_bbus) USB (09/19/2009 5.00.0.0)
"docXConverter3_is1" = docXConverter 3.1.3
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON SX600FW Series" = EPSON SX600FW Series Printer Uninstall
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"FileExpress_is1" = FileExpress 1.2
"Fotosizer" = Fotosizer 1.29
"Free Sound Recorder_is1" = Free Sound Recorder 2010 v9.1.3.3
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HyperSnap 6" = HyperSnap 6
"ImTOO Multiple Desktops" = ImTOO Multiple Desktops
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IrfanView" = IrfanView (remove only)
"LiveZilla" = LiveZilla
"Magic ISO Maker v5.3 (build 0229)" = Magic ISO Maker v5.3 (build 0229)
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Magic ISO Maker v5.5 (build 0274)" = Magic ISO Maker v5.5 (build 0274)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mailtraq" = Mailtraq
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"MyFreeCodec" = MyFreeCodec
"Nero8Lite_is1" = Nero 8 Micro 8.3.2.1
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NoIPDUC" = No-IP DUC
"PFPortChecker" = PFPortChecker 1.0.32
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"POP3 Scan Mailbox" = POP3 Scan Mailbox
"Product_Name" = Vistool 6
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"Sandboxie" = Sandboxie 3.46
"SignCut" = SignCut (remove only)
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"SonicShack Design Studio_is1" = SonicShack Designer Adobe AIR version
"SonicShackDesignStudio.3B9EF5EFA6377BC7FDC14C50D5056E073DACD0C6.1" = SonicShack Design Studio
"Spb Keyboard" = Spb Keyboard
"Spb Mobile Shell" = Spb Mobile Shell
"Spyware Doctor" = Spyware Doctor 7.0
"Sysinternals Toolbox_is1" = Sysinternals Toolbox 2010.06.10
"TeamViewer 5" = TeamViewer 5
"Teleport Pro" = Teleport Pro
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"Uniblue DiskRescue 2009" = Uniblue DiskRescue 2009
"Vector Magic" = Vector Magic
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Hex Editor Neo 4.95
"Facebook Plug-In" = Facebook Plug-In
"MyFreeCodec" = MyFreeCodec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/09/2010 15:57:52 | Computer Name = FRONTROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 02/09/2010 15:58:02 | Computer Name = FRONTROOM | Source = VMCService | ID = 0
Description = System.TypeInitializationException: The type initializer for 'VMC.BaseServices.DataAccessor.DataStore'
threw an exception. ---> System.TypeInitializationException: The type initializer
for 'VMC.BaseServices.RegistryAccessor' threw an exception. ---> System.Runtime.InteropServices.COMException
(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:
0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementClass.GetInstances(EnumerationOptions
options) at System.Management.ManagementClass.GetInstances() at VMC.BaseServices.RegistryAccessor.InitRegistryAccessor()

at VMC.BaseServices.RegistryAccessor..cctor() --- End of inner exception stack
trace --- at VMC.BaseServices.RegistryAccessor.get_BaseServicesLogger() at
VMC.BaseServices.DataAccessor.DataStore..cctor() --- End of inner exception stack
trace --- at VMC.BaseServices.DataAccessor.DataStore.get_ConflictingApplicationsFilename()

at VMC.WindowsService.WindowsService.DllLoading()

Error - 06/09/2010 02:54:55 | Computer Name = FRONTROOM | Source = Windows Live Messenger | ID = 1000
Description =

Error - 06/09/2010 02:55:53 | Computer Name = FRONTROOM | Source = Windows Live Messenger | ID = 1000
Description =

Error - 09/09/2010 20:26:09 | Computer Name = FRONTROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 09/09/2010 20:26:29 | Computer Name = FRONTROOM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 11/09/2010 15:55:55 | Computer Name = FRONTROOM | Source = Windows Live Messenger | ID = 1000
Description =

Error - 24/09/2010 06:11:45 | Computer Name = FRONTROOM | Source = VMCService | ID = 0
Description = System.TypeInitializationException: The type initializer for 'VMC.BaseServices.DataAccessor.DataStore'
threw an exception. ---> System.TypeInitializationException: The type initializer
for 'VMC.BaseServices.RegistryAccessor' threw an exception. ---> System.Runtime.InteropServices.COMException
(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:
0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementClass.GetInstances(EnumerationOptions
options) at System.Management.ManagementClass.GetInstances() at VMC.BaseServices.RegistryAccessor.InitRegistryAccessor()

at VMC.BaseServices.RegistryAccessor..cctor() --- End of inner exception stack
trace --- at VMC.BaseServices.RegistryAccessor.get_BaseServicesLogger() at
VMC.BaseServices.DataAccessor.DataStore..cctor() --- End of inner exception stack
trace --- at VMC.BaseServices.DataAccessor.DataStore.get_ConflictingApplicationsFilename()

at VMC.WindowsService.WindowsService.DllLoading()

Error - 24/09/2010 06:15:07 | Computer Name = FRONTROOM | Source = VMCService | ID = 0
Description = System.TypeInitializationException: The type initializer for 'VMC.BaseServices.DataAccessor.DataStore'
threw an exception. ---> System.TypeInitializationException: The type initializer
for 'VMC.BaseServices.RegistryAccessor' threw an exception. ---> System.Runtime.InteropServices.COMException
(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:
0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementClass.GetInstances(EnumerationOptions
options) at System.Management.ManagementClass.GetInstances() at VMC.BaseServices.RegistryAccessor.InitRegistryAccessor()

at VMC.BaseServices.RegistryAccessor..cctor() --- End of inner exception stack
trace --- at VMC.BaseServices.RegistryAccessor.get_BaseServicesLogger() at
VMC.BaseServices.DataAccessor.DataStore..cctor() --- End of inner exception stack
trace --- at VMC.BaseServices.DataAccessor.DataStore.get_ConflictingApplicationsFilename()

at VMC.WindowsService.WindowsService.DllLoading()

Error - 24/09/2010 06:19:37 | Computer Name = FRONTROOM | Source = VMCService | ID = 0
Description = System.TypeInitializationException: The type initializer for 'VMC.BaseServices.DataAccessor.DataStore'
threw an exception. ---> System.TypeInitializationException: The type initializer
for 'VMC.BaseServices.RegistryAccessor' threw an exception. ---> System.Runtime.InteropServices.COMException
(0x80010002): Call was canceled by the message filter. (Exception from HRESULT:
0x80010002 (RPC_E_CALL_CANCELED)) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementClass.GetInstances(EnumerationOptions
options) at System.Management.ManagementClass.GetInstances() at VMC.BaseServices.RegistryAccessor.InitRegistryAccessor()

at VMC.BaseServices.RegistryAccessor..cctor() --- End of inner exception stack
trace --- at VMC.BaseServices.RegistryAccessor.get_BaseServicesLogger() at
VMC.BaseServices.DataAccessor.DataStore..cctor() --- End of inner exception stack
trace --- at VMC.BaseServices.DataAccessor.DataStore.get_ConflictingApplicationsFilename()

at VMC.WindowsService.WindowsService.DllLoading()

[ System Events ]
Error - 24/09/2010 06:10:55 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 24/09/2010 06:14:13 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 24/09/2010 06:14:13 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 24/09/2010 06:18:44 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 24/09/2010 06:18:44 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 24/09/2010 13:34:49 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 24/09/2010 13:34:49 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 27/09/2010 13:54:52 | Computer Name = FRONTROOM | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MRT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDDE1C31-4831-453D-8E95.
The
master browser is stopping or an election is being forced.

Error - 29/09/2010 12:02:11 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 29/09/2010 12:12:51 | Computer Name = FRONTROOM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#8 SweetTech

    MalwareTeam Emeritus

Posted 30 September 2010 - 05:00 PM

Hello,

You've gotten yourself infected by downloading files via P2P programs. If you continue this behavior, you will find yourself infected again.


Peer to Peer Program
While reviewing your logs I noticed that you currently have Peer to Peer program(s) installed on your computer.

Most of the infections that we see today are through P2P file sharing. By uninstalling these programs you will be doing yourself a favor. It's impossible to trust the source of what is being downloaded from them and a file may or may not be what it appears to be.

Should you decide to keep these programs installed on your computer PLEASE do not use these programs while we are getting your P.C. cleaned up.


PLEASE NOTE: When you're uninstalling the P2P program(s), some questions are worded in various ways to try to deceive you and keep you from uninstalling their program.



NEXT:



Open notepad by going to START > RUN and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following:

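@echo off
echo Please wait
rem Clear the system, hidden and read-only attributes on the HelpAssistant profile
attrib -s -h -r "%SystemDrive%\Documents and Settings\HelpAssistant" /s /d
rem Delete the profile's files, then remove the folder itself
del /s /q "%SystemDrive%\Documents and Settings\HelpAssistant\*.*" >nul 2>&1
rmdir /s /q "%SystemDrive%\Documents and Settings\HelpAssistant" >nul 2>&1
rem Remove the matching ProfileList registry entry
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1202660629-1214440339-1177238915-1000" /f
cls
exit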

In Notepad click on the "File" menu > Save As... Under "File name" type fix.bat and change "Save as type" to All Files, then save it to a place you will remember.

Double click on fix.bat



NEXT:



Do you have a current subscription to Spyware Doctor? If not, I suggest you remove it.

NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :Services
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [Device Detector] File not found
    O33 - MountPoints2\{9c440b4a-5a20-11df-a396-acf24945de06}\Shell - "" = AutoRun
    O33 - MountPoints2\{9c440b4a-5a20-11df-a396-acf24945de06}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9c440b4b-5a20-11df-a396-acf24945de06}\Shell - "" = AutoRun
    O33 - MountPoints2\{9c440b4b-5a20-11df-a396-acf24945de06}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\S\Shell - "" = AutoRun
    O33 - MountPoints2\S\Shell\AutoRun - "" = Auto&Play
    [2010/07/14 00:38:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\CorelDRAW_Graphics_Suite_X4_Keygen_AGAiN
    [2010/07/13 00:43:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\CorelDRAW Graphics Suite X4 v14.0.0.567 crack by donald.duck
    [3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
    [13 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
    [2010/08/11 23:06:34 | 1047,718,111 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest].zip
    [3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
    [13 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
    [2010/09/11 23:26:03 | 738,789,632 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, FlashPaper 2, ColdFusion MX 7 Developer Edition, FreeHand MX 11.0.2, Ca.rar
    [2010/09/07 01:06:35 | 1047,718,111 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest].zip
    [3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
    [2008/10/17 18:07:46 | 000,311,296 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\ActivationTool.exe
    [2010/04/05 19:30:00 | 000,038,912 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\aston_2.00_KG.exe
    [2010/03/23 21:46:43 | 016,194,111 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Aston_setup_2.0.0.exe
    [2005/09/13 18:00:00 | 000,055,296 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\keygen.exe
    [1 E:\WINDOWS\Installer\*.tmp files -> E:\WINDOWS\Installer\*.tmp -> ]
    [1 E:\WINDOWS\Installer\*.tmp files -> E:\WINDOWS\Installer\*.tmp -> ]
    [13 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]
    @Alternate Data Stream - 48 bytes -> E:\Documents and Settings\All Users\DRM:…اŠƒرˆسˆفت
    @Alternate Data Stream - 205 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



WVCheck
Please download WVCheck from Artellos.com.
  • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.


NEXT:



CKScanner
Download CKScanner.
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



#9 ukracer


Posted 02 October 2010 - 01:06 PM

Hello,



Hiya

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Device Detector deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c440b4a-5a20-11df-a396-acf24945de06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c440b4a-5a20-11df-a396-acf24945de06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c440b4a-5a20-11df-a396-acf24945de06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c440b4a-5a20-11df-a396-acf24945de06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c440b4b-5a20-11df-a396-acf24945de06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c440b4b-5a20-11df-a396-acf24945de06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c440b4b-5a20-11df-a396-acf24945de06}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c440b4b-5a20-11df-a396-acf24945de06}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S\ not found.
E:\Documents and Settings\Andy\Desktop\CorelDRAW_Graphics_Suite_X4_Keygen_AGAiN folder moved successfully.
E:\Documents and Settings\Andy\Desktop\CorelDRAW Graphics Suite X4 v14.0.0.567 crack by donald.duck folder moved successfully.
E:\WINDOWS\SET3.tmp deleted successfully.
E:\WINDOWS\SET4.tmp deleted successfully.
E:\WINDOWS\SET8.tmp deleted successfully.
E:\WINDOWS\System32\CONFIG.TMP deleted successfully.
E:\WINDOWS\System32\SET84D2.tmp deleted successfully.
E:\WINDOWS\System32\SET84D4.tmp deleted successfully.
E:\WINDOWS\System32\SET84D8.tmp deleted successfully.
E:\WINDOWS\System32\SET84DB.tmp deleted successfully.
E:\WINDOWS\System32\SET84E0.tmp deleted successfully.
E:\WINDOWS\System32\SET84E3.tmp deleted successfully.
E:\WINDOWS\System32\SETC832.tmp deleted successfully.
E:\WINDOWS\System32\SETC833.tmp deleted successfully.
E:\WINDOWS\System32\SETC834.tmp deleted successfully.
E:\WINDOWS\System32\SETC835.tmp deleted successfully.
E:\WINDOWS\System32\SETC836.tmp deleted successfully.
E:\WINDOWS\System32\SETC837.tmp deleted successfully.
E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest].zip moved successfully.
E:\Documents and Settings\Andy\My Documents\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, FlashPaper 2, ColdFusion MX 7 Developer Edition, FreeHand MX 11.0.2, Ca.rar moved successfully.
File E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest].zip not found.
E:\Documents and Settings\Andy\Desktop\ActivationTool.exe moved successfully.
E:\Documents and Settings\Andy\Desktop\aston_2.00_KG.exe moved successfully.
E:\Documents and Settings\Andy\Desktop\Aston_setup_2.0.0.exe moved successfully.
E:\Documents and Settings\Andy\Desktop\keygen.exe moved successfully.
E:\WINDOWS\Installer\MSI893A.tmp deleted successfully.
Unable to delete ADS E:\Documents and Settings\All Users\DRM:مايكروسوفت .
ADS E:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS E:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
E:\Documents and Settings\Andy\Desktop\cmd.bat deleted successfully.
E:\Documents and Settings\Andy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
E:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Andy
->Temp folder emptied: 590313851 bytes
->Temporary Internet Files folder emptied: 8783044 bytes
->Java cache emptied: 1816677 bytes
->FireFox cache emptied: 131610416 bytes
->Flash cache emptied: 90498 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34768 bytes

User: NetworkService
->Temp folder emptied: 116440 bytes
->Temporary Internet Files folder emptied: 616516 bytes

User: unlock

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11143566 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 311527966 bytes

Total Files Cleaned = 1,007.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Andy
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: unlock

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10012010_005717

Files\Folders moved on Reboot...
E:\WINDOWS\temp\Perflib_Perfdata_efc.dat moved successfully.

Registry entries deleted on Reboot...


CKScanner - Additional Security Risks - These are not necessarily bad


c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\autorun.inf
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\setup.exe
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\tomtom.ico
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\app\dan\navigator.apk
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\app\deu\navigator.apk
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\app\eng\navigator.apk
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\app\esp\navigator.apk
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\app\fra\navigator.apk
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\app\ita\navigator.apk
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\app\nld\navigator.apk
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\app\sve\navigator.apk
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\app\usa\navigator.apk
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\gps\gps.ini
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\gps\gps.ppc3_arm.cab
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\gps\gps.ppc3_mips.cab
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\gps\gps.ppc3_sh3.cab
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\manual.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\poster\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\poster\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\main_menu_dan.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\main_menu_deu.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\main_menu_eng.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\main_menu_esp.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\main_menu_fra.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\main_menu_ita.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\main_menu_nld.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\main_menu_sve.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\main_menu_usa.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\dansk\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\dansk\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\deutsch\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\deutsch\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\english\do.bat
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\english\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\english\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\espanol\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\espanol\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\francais\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\francais\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\img\manual.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\italiano\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\italiano\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\nederlands\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\nederlands\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\svensk\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\svensk\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\usa\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\palmos\refman\usa\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\manual.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\manual-dan.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\manual-deu.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\manual-eng.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\manual-enu.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\manual-esp.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\manual-fra.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\manual-ita.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\manual-nld.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\manual-sve.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\poster\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\main_menu_dan.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\main_menu_deu.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\main_menu_eng.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\main_menu_esp.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\main_menu_fra.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\main_menu_ita.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\main_menu_nld.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\main_menu_sve.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\main_menu_usa.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\dansk\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\dansk\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\dansk\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\deutsch\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\deutsch\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\deutsch\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\english\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\english\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\english\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\espanol\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\espanol\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\espanol\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\francais\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\francais\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\francais\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\italiano\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\italiano\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\italiano\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\nederlands\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\nederlands\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\nederlands\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\svensk\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\svensk\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\svensk\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\usa\manual.html
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\usa\manualq.htm
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\manual\ppc\refman\usa\tomtom.css
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\app.mor
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\maps.mor
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\palm.mnu
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\palmapp.mor
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\palmmain.mor
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\palmvoice.mor
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\pocketpc.mnu
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\ppcapp.mor
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\voice.mor
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\map\austria\oesterreich.cab
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\map\austria\oesterreich.ini
c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\germany, austria, switzerland - with crack + keygen - cd1of4\nvde\map\germany\2.cab

scanner sequence 3.ZZ.11
----- EOF -----

Edited by ukracer, 02 October 2010 - 01:08 PM.


#10 SweetTech

SweetTech

    MalwareTeam Emeritus

  • Authentic Member
  • 3,368 posts

Posted 02 October 2010 - 01:15 PM

Do you have the WVCheck log?


Proud Graduate of the WTT Classroom
 


#11 ukracer


Posted 02 October 2010 - 02:21 PM

SweetTech wrote: Do you have the WVCheck log?

It encounters problems checking the registry.


Windows Validation Check
Version: 1.8.8.3
Log Created On: 2012_02-10-2010
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal


WVCheck's Auto Update Check
-----------------------
WVCheck could not read the Auto-Update Option.
-----------------------
Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------




WVCheck's Dir Dump
-----------------------


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 2117_02-10-2010 --------

#12 SweetTech


Posted 02 October 2010 - 03:14 PM

Hello,



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    
    :Reg
    
    :Files
    c:\tom tom\tomtom navigator v3.01 germany, austria, switzerland - with crack + keygen\
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.



#13 ukracer


Posted 02 October 2010 - 06:39 PM


Combofix crashed after 50 mins with badpool header.

#14 SweetTech


Posted 03 October 2010 - 05:56 AM

Do you have the OTL Fix log and TDSSKiller logs? Did you ensure that all security programs were disabled? Try running ComboFix in safe-mode.



#15 ukracer


Posted 04 October 2010 - 03:18 PM

SweetTech wrote: Do you have the OTL Fix log and TDSSKiller logs? Did you ensure that all security programs were disabled? Try running ComboFix in safe-mode.


Yes, here they are:


OTL logfile created on: 30/09/2010 23:20:09 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = E:\Documents and Settings\Andy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 244.14 Gb Total Space | 53.95 Gb Free Space | 22.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 345.57 Gb Total Space | 125.02 Gb Free Space | 36.18% Space Free | Partition Type: NTFS
Drive F: | 341.80 Gb Total Space | 150.77 Gb Free Space | 44.11% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FRONTROOM
Current User Name: Andy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - E:\Documents and Settings\Andy\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - E:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXCP.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXFaxServer.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXPO.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXSLDBServ.exe (3CX Ltd)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe (3CX)
PRC - E:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe (3CX Ltd)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe (3CX)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXIvrServer.exe (3CX Software Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe (3CX Software Ltd.)
PRC - E:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - E:\Program Files\3CX PhoneSystem\Bin\VCEHost.exe ()
PRC - E:\Program Files\Uniblue\SpeedUpMyPC\sump.exe (Uniblue Systems Limited)
PRC - E:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe (Aprelium)
PRC - E:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
PRC - E:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - E:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - E:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - E:\Program Files\3CX PhoneSystem\Bin\Webserver\adn\FCGIDotNet_2_0.exe (Aprelium)
PRC - E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - E:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - E:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
PRC - E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe (IVT Corporation)
PRC - E:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - E:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
PRC - E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
PRC - E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - E:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - E:\Program Files\USB over Network (Server)\usbserver.exe (FabulaTech)
PRC - E:\WINDOWS\system32\ftusbsrv.exe (FabulaTech)
PRC - E:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe (Ipswitch)
PRC - E:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - E:\WINDOWS\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
PRC - E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - E:\Program Files\UltraMon\UltraMon.exe (Realtime Soft Ltd)
PRC - E:\Program Files\UltraMon\UltraMonTaskbar.exe (Realtime Soft Ltd)
PRC - E:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe (Uniblue)
PRC - E:\Program Files\Vista & XP Virtual Desktops\Virtual Desktops.exe (Z-Systems)
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
PRC - e:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - E:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - E:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - E:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - E:\WINDOWS\VMSnap3.exe (Vimicro)
PRC - E:\WINDOWS\system32\Crypserv.exe (Kenonic Controls Ltd.)
PRC - E:\Mailtraq back up march2010\mailtraq.exe (Fastraq Limited)


========== Modules (SafeList) ==========

MOD - E:\Documents and Settings\Andy\Desktop\OTL.exe (OldTimer Tools)
MOD - E:\Program Files\Spyware Doctor\smum32.dll (PC Tools)
MOD - E:\Program Files\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - E:\Program Files\UltraMon\RTSUltraMonHook.dll (Realtime Soft Ltd)
MOD - E:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - E:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TeamViewer5) -- E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (3CXConferenceRoom) -- E:\Program Files\3CX PhoneSystem\Bin\3CXCP.exe (3CX Software Ltd.)
SRV - (3CXTunnel) -- E:\Program Files\3CX PhoneSystem\Bin\3CXTunnel.exe (3CX Software Ltd.)
SRV - (3CXPhoneSystem) -- E:\Program Files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe (3CX Software Ltd.)
SRV - (3CXFAXSrv) -- E:\Program Files\3CX PhoneSystem\Bin\3CXFaxServer.exe (3CX Software Ltd.)
SRV - (3CXParkOrbit) -- E:\Program Files\3CX PhoneSystem\Bin\3CXPO.exe (3CX Software Ltd.)
SRV - (3CXCfgServ) -- E:\Program Files\3CX PhoneSystem\Bin\3CXSLDBServ.exe (3CX Ltd)
SRV - (3CXCallHistoryService) -- E:\Program Files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe (3CX)
SRV - (3CXAssistantServer) -- E:\Program Files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe (3CX Ltd)
SRV - (3CXVBoxMgr) -- E:\Program Files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe (3CX)
SRV - (3CXIvr) -- E:\Program Files\3CX PhoneSystem\Bin\3CXIvrServer.exe (3CX Software Ltd.)
SRV - (3CXMediaServer) -- E:\Program Files\3CX PhoneSystem\Bin\3CXMediaServer.exe (3CX Software Ltd.)
SRV - (SbieSvc) -- E:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (3CXQueueManager) -- E:\Program Files\3CX PhoneSystem\Bin\VCEHost.exe ()
SRV - (AbyssWebServer) -- E:\Program Files\3CX PhoneSystem\Bin\Webserver\abyssws.exe (Aprelium)
SRV - (KiesAllShare) -- E:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe ()
SRV - (FsUsbExService) -- E:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (dgdersvc) -- E:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (Macromedia Licensing Service) -- E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (MBAMService) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (3CX PhoneSystem Database Server) -- E:\Program Files\3CX PhoneSystem\Bin\pgsql\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (sdCoreService) -- E:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- E:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (BlueSoleilCS) -- E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsMobileCS) -- E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe (IVT Corporation)
SRV - (TabletServiceWacom) -- E:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (BsHelpCS) -- E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (Browser Defender Update Service) -- E:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (McComponentHostService) -- E:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SwitchBoard) -- E:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (uvnc_service) -- E:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (ftusbsrv) USB over Network (Server) -- E:\WINDOWS\system32\ftusbsrv.exe (FabulaTech)
SRV - (fsssvc) -- E:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- E:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (ServiceLayer) -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Uniblue DiskRescue) -- E:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe (Uniblue)
SRV - (NOD32FiXTemDono) -- E:\WINDOWS\System32\regedt32.exe (Microsoft Corporation)
SRV - (VMCService) -- E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (EhttpSrv) -- E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- E:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (PSI_SVC_2) -- e:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- E:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (WinDefend) -- E:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Crypkey License) -- E:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Driver Services (SafeList) ==========

DRV - (btkrnl) -- E:\WINDOWS\System32\DRIVERS\btkrnl.sys File not found
DRV - (L1e) -- E:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (AtiHdmiService) -- E:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (StarOpen) -- E:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (SbieDrv) -- E:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (FsUsbExDisk) -- E:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (dgderdrv) -- E:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (mv2) -- E:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)
DRV - (MBAMProtector) -- E:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- E:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (teamviewervpn) -- E:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ati2mtag) -- E:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Btcsrusb) -- E:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.)
DRV - (wacmoumonitor) -- E:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (ss_bmdm) -- E:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- E:\WINDOWS\system32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- E:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- E:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ftusbload) -- E:\WINDOWS\system32\drivers\ftusbload.sys (FabulaTech)
DRV - (ftusb) -- E:\WINDOWS\system32\drivers\ftusb.sys ()
DRV - (Ser2pl) -- E:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (GUCI_AVS) Generic USB Controller Interface (AVS) -- E:\WINDOWS\system32\drivers\GUCI_AVS.sys (PixArt Imaging Incorporation)
DRV - (btnetBUs) -- E:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (BtHidBus) -- E:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (wacomvhid) -- E:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (fssfltr) -- E:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (RTL8187B) -- E:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (BT) -- E:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (IvtBtBUs) -- E:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (VcommMgr) -- E:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.)
DRV - (VComm) -- E:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.)
DRV - (CH341SER) -- E:\WINDOWS\system32\drivers\CH341SER.SYS (www.winchiphead.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mcdbus) -- E:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (UltraMonUtility) -- E:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft Ltd)
DRV - (pccsmcfd) -- E:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (Ambfilt) -- E:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (NwlnkIpx) -- E:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- E:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- E:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- E:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (hwdatacard) -- E:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (epfwtdir) -- E:\WINDOWS\system32\drivers\epfwtdir.sys ()
DRV - (easdrv) -- E:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- E:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (AsIO) -- E:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (vvftav303) -- E:\WINDOWS\system32\drivers\vvftav303.sys (Vimicro Corporation)
DRV - (ZSMC0303) VIMICRO USB PC Camera (ZC0301PLH) -- E:\WINDOWS\system32\drivers\usbVM303.sys (Vimicro Corporation)
DRV - (wacommousefilter) -- E:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (BTNetFilter) -- E:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys (IVT Corporation.)
DRV - (Monfilt) -- E:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Pnp680r) -- E:\WINDOWS\system32\DRIVERS\pnp680r.sys (Silicon Image, Inc)
DRV - (iteraid) -- E:\WINDOWS\system32\DRIVERS\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (MTsensor) -- E:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (NetworkX) -- E:\WINDOWS\system32\ckldrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pctools.c...c/fix_homepage/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - E:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: E:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/04 00:40:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/09/16 21:15:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/09/16 21:15:54 | 000,000,000 | ---D | M]

[2010/03/28 22:00:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Extensions
[2010/09/30 00:54:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions
[2010/09/24 11:26:42 | 000,000,000 | ---D | M] (Forecastfox Weather) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/08/19 22:23:38 | 000,000,000 | ---D | M] (Radio Bar 1 Toolbar) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}
[2010/03/28 22:09:13 | 000,000,000 | ---D | M] (Shooter) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
[2010/03/28 22:09:13 | 000,000,000 | ---D | M] (PDF Download) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/06/23 09:24:06 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{38fc2fbc-9500-46e7-8bc5-b128acd9e143}
[2010/09/24 11:26:40 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010/09/01 14:18:13 | 000,000,000 | ---D | M] (View Source Chart) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2010/08/26 11:56:55 | 000,000,000 | ---D | M] (ColorZilla) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/03/28 22:09:12 | 000,000,000 | ---D | M] (Live HTTP Headers) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/06/13 21:16:03 | 000,000,000 | ---D | M] (FireFTP) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/08/19 22:23:32 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/03/28 22:09:11 | 000,000,000 | ---D | M] (Web Developer) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/08/19 22:23:39 | 000,000,000 | ---D | M] (Adblock Plus) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/19 22:23:33 | 000,000,000 | ---D | M] (ViewSourceWith) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2010/09/24 11:26:41 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\en-US@dictionaries.addons.mozilla.org
[2010/03/28 22:09:16 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\howtovideosidebar@wonderhowto.com
[2010/03/28 22:09:15 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\bcs0ufq5.Andy\extensions\toolbar@ask.com
[2010/04/11 09:50:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions
[2010/03/28 22:08:02 | 000,000,000 | ---D | M] (Forecastfox) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/03/28 22:08:01 | 000,000,000 | ---D | M] (Radio Bar 1 Toolbar) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{0fc85f5d-6207-4515-a490-45a549d285c0}
[2010/03/28 22:07:58 | 000,000,000 | ---D | M] (Shooter) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
[2010/03/28 22:07:58 | 000,000,000 | ---D | M] (PDF Download) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/03/28 22:07:57 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{38fc2fbc-9500-46e7-8bc5-b128acd9e143}
[2010/03/28 22:07:56 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010/03/28 22:07:51 | 000,000,000 | ---D | M] (View Source Chart) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2010/03/28 22:07:51 | 000,000,000 | ---D | M] (Live HTTP Headers) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/03/28 22:07:50 | 000,000,000 | ---D | M] (FireFTP) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/04/11 09:50:39 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/03/28 22:07:48 | 000,000,000 | ---D | M] (Web Developer) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/03/28 22:07:48 | 000,000,000 | ---D | M] (Adblock Plus) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/28 22:07:47 | 000,000,000 | ---D | M] (Dafizilla ViewSourceWith) -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2010/03/28 22:08:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/03/28 22:08:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\howtovideosidebar@wonderhowto.com
[2010/03/28 22:08:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\extensions\toolbar@ask.com
[2010/02/04 17:45:40 | 000,002,254 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\askcom.xml
[2010/01/20 13:15:54 | 000,000,925 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\conduit.xml
[2010/03/27 13:12:51 | 000,003,224 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\ebay-uk.xml
[2010/03/08 01:12:11 | 000,001,631 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\thepiratebay.xml
[2010/03/08 01:12:03 | 000,005,626 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\mff33n2x.default\searchplugins\watchcountcom.xml
[2010/09/30 00:54:15 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2010/09/29 17:04:32 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/29 17:13:58 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/01/06 00:27:44 | 000,060,928 | ---- | M] (Adobe Systems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npContribute.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/11 17:44:28 | 000,001,538 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/11 17:44:28 | 000,000,947 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/11 17:44:28 | 000,000,769 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/11 17:44:28 | 000,001,135 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/03 01:42:47 | 000,001,211 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - E:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - E:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - E:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - E:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - E:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - E:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - E:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] E:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [egui] E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GUCI_AVS] E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [ISTray] E:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LiveZilla] E:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PACTray] E:\WINDOWS\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAP7501_Monitor] E:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SwitchBoard] E:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VMSnap3] E:\WINDOWS\VMSnap3.exe (Vimicro)
O4 - HKLM..\Run: [Windows Defender] E:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX600FW Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX600FW Series (Copy 1)] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [H/PC Connection Agent] E:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesTrayAgent] E:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - HKCU..\Run: [SandboxieControl] E:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [SpeedUpMyPC] E:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Limited)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/24 09:47:27 | 000,000,000 | -H-D | M]
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = E:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk = E:\WINDOWS\Installer\{D28ED536-CCD0-4F38-987C-A57177371172}\_F7A06503601447F2BE72B0.exe ()
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = E:\WINDOWS\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico ()
O4 - Startup: E:\Documents and Settings\Andy\Start Menu\Programs\Startup\MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: E:\Documents and Settings\Andy\Start Menu\Programs\Startup\Vista & XP Virtual Desktops.lnk = E:\Documents and Settings\Andy\Application Data\Microsoft\Installer\{F4735C64-9A74-4E48-894B-1CA5D83B99C8}\MainIcon.ico ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1269981272937 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - E:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: FolderControl - a9bb7b60-9ddd-428b-b704-836f2820c57e - E:\Program Files\Common Files\FolderControl\FolderControl.dll ()
O24 - Desktop WallPaper: E:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Andy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - E:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/16 19:14:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9c440b4a-5a20-11df-a396-acf24945de06}\Shell - "" = AutoRun
O33 - MountPoints2\{9c440b4a-5a20-11df-a396-acf24945de06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9c440b4b-5a20-11df-a396-acf24945de06}\Shell - "" = AutoRun
O33 - MountPoints2\{9c440b4b-5a20-11df-a396-acf24945de06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\S\Shell - "" = AutoRun
O33 - MountPoints2\S\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - E:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - E:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (67286130185207808)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/30 21:46:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Andy\Desktop\OTL.exe
[2010/09/29 17:14:18 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Java
[2010/09/28 20:18:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\system restore point
[2010/09/28 18:15:20 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\hijackthis logs
[2010/09/28 18:06:23 | 000,000,000 | ---D | C] -- E:\Program Files\Trend Micro
[2010/09/27 22:29:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2010/09/26 17:54:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\wind
[2010/09/26 17:54:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\150_Dreamweaver_Template
[2010/09/26 17:40:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\photoOptimizeHistoryDataBase
[2010/09/26 17:40:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\Ashampoo Photo Optimizer 3
[2010/09/26 16:49:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Ashampoo
[2010/09/26 16:46:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\ashampoo
[2010/09/26 16:46:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\ashampoo
[2010/09/26 16:46:10 | 000,000,000 | ---D | C] -- E:\Program Files\Ashampoo
[2010/09/24 18:28:57 | 000,039,520 | ---- | C] (Oki Data Corporation) -- E:\WINDOWS\System32\drivers\OPAPLPT.SYS
[2010/09/24 18:28:41 | 000,000,000 | ---D | C] -- E:\Program Files\Okidata
[2010/09/22 03:37:39 | 000,000,000 | ---D | C] -- E:\Program Files\USB over Network (Server)
[2010/09/22 03:37:39 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\FabulaTech
[2010/09/22 03:25:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\usb
[2010/09/19 00:16:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\Version Cue
[2010/09/19 00:16:44 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\AdobeStockPhotos
[2010/09/19 00:11:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/09/18 23:40:03 | 000,000,000 | ---D | C] -- E:\Program Files\Bonjour
[2010/09/18 23:19:12 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Macrovision Shared
[2010/09/18 22:57:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Adobe CS3
[2010/09/15 00:08:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\MM-Backup
[2010/09/15 00:06:39 | 000,000,000 | ---D | C] -- E:\Program Files\MM-Exporter
[2010/09/14 23:58:24 | 002,966,347 | ---- | C] (JOEXX ) -- E:\Documents and Settings\Andy\Desktop\MM-Exporter_233_Setup.exe
[2010/09/14 23:38:14 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\dreamweaversites
[2010/09/09 13:01:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\MagiCut6
[2010/09/09 12:58:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\MagiCut
[2010/09/09 12:58:02 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Wintertree
[2010/09/09 12:58:00 | 000,000,000 | ---D | C] -- E:\Program Files\MagiCut
[2010/09/05 07:08:38 | 000,000,000 | ---D | C] -- E:\Program Files\SignGo
[2010/09/05 07:08:38 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\SignGo
[2010/09/05 07:08:04 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Wise Installation Wizard
[2010/09/02 21:15:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\punto 2010
[2010/08/30 11:23:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\autodata lees
[2010/08/29 21:39:10 | 000,000,000 | ---D | C] -- E:\Program Files\3CX PhoneSystem
[2010/08/29 21:39:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\3CX
[2010/08/29 21:37:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Install
[2010/08/29 15:49:16 | 000,065,536 | ---- | C] (Kenonic Controls Ltd.) -- E:\WINDOWS\System32\Crypserv.exe
[2010/08/29 15:49:15 | 000,165,888 | ---- | C] (Kenonic Controls) -- E:\WINDOWS\Ckconfig.exe
[2010/08/29 15:49:01 | 000,724,992 | ---- | C] (Indigo Rose Corporation) -- E:\WINDOWS\iun6002.exe
[2010/08/29 15:48:45 | 000,000,000 | ---D | C] -- E:\Program Files\Visualtoolbox
[2010/08/29 15:16:03 | 000,000,000 | ---D | C] -- E:\Program Files\SignMax
[2010/08/28 22:41:26 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live Safety Center
[2010/08/28 13:08:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\DPA Software
[2010/08/28 10:38:16 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Defender
[2010/08/27 08:12:29 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
[2010/08/26 11:40:47 | 000,543,616 | ---- | C] (PixArt Imaging Incorporation) -- E:\WINDOWS\System32\drivers\GUCI_AVS.sys
[2010/08/26 11:40:47 | 000,007,168 | ---- | C] (PixArt Imaging Inc.) -- E:\WINDOWS\System32\COINST_080603.dll
[2010/08/26 11:40:42 | 000,114,688 | ---- | C] (PixArt Imaging Incorporation) -- E:\WINDOWS\System32\PixArt.ax
[2010/08/26 11:40:40 | 000,175,104 | ---- | C] (PixArt Imaging Incorporation) -- E:\WINDOWS\System32\GUCI_AVS.ax
[2010/08/26 11:40:40 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- E:\WINDOWS\System32\GUCI_AVS.dll
[2010/08/26 11:40:40 | 000,000,000 | ---D | C] -- E:\WINDOWS\PixArt
[2010/08/26 11:40:40 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\PAP7501
[2010/08/24 09:47:27 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2010/08/24 09:43:52 | 000,610,304 | ---- | C] (Sysinternals) -- E:\WINDOWS\SysInternals Bluescreen.scr
[2010/08/24 09:43:50 | 000,000,000 | ---D | C] -- E:\Program Files\Sysinternals Toolbox
[2010/08/24 08:58:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\ESET
[2010/08/24 08:23:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\HHD Software
[2010/08/24 07:47:37 | 000,051,200 | ---- | C] (Prolific Technology Inc.) -- E:\WINDOWS\System32\drivers\ser2pl.sys
[2010/08/24 07:47:36 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- E:\WINDOWS\System32\SER9PL.sys
[2010/08/24 07:46:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\serialdrivers
[2010/08/24 01:56:18 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\ActiveXperts
[2010/08/24 01:56:13 | 000,000,000 | ---D | C] -- E:\Program Files\ActiveXperts
[2010/08/22 20:52:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Application Data\Vodafone
[2010/08/22 17:14:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Uniblue
[2010/08/22 03:12:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\vehicletemplates
[2010/08/22 02:03:34 | 000,000,000 | ---D | C] -- E:\Program Files\MyFree Codec
[2010/08/22 01:59:55 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Publish Providers
[2010/08/22 01:55:27 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\Vegas Movie Studio HD Platinum 10.0 Projects
[2010/08/22 01:54:09 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Sony
[2010/08/22 01:12:08 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Sony Vegas Movie Studio HD Platinum 10.0.179
[2010/08/22 01:09:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Sony
[2010/08/22 01:09:44 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\Sony
[2010/08/22 01:01:08 | 000,000,000 | ---D | C] -- E:\Program Files\Sony
[2010/08/22 01:01:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Architect
[2010/08/22 01:00:23 | 000,000,000 | ---D | C] -- E:\Program Files\Sony Setup
[2010/08/22 00:43:27 | 000,000,000 | ---D | C] -- E:\Program Files\Fotosizer
[2010/08/21 19:59:06 | 000,100,224 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bserd.sys
[2010/08/21 19:59:04 | 000,123,648 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bmdm.sys
[2010/08/21 19:59:04 | 000,014,848 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bmdfl.sys
[2010/08/21 19:59:04 | 000,012,416 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bcmnt.sys
[2010/08/21 19:59:02 | 000,098,432 | ---- | C] (MCCI) -- E:\WINDOWS\System32\drivers\ss_bbus.sys
[2010/08/21 19:59:02 | 000,012,288 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bwhnt.sys
[2010/08/20 01:41:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Qualcomm_USB_Driver_2.0.3.9
[2010/08/20 01:38:55 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Samsung_AGERE_USB_Modem_Driver_4.40.4.0
[2010/08/20 00:30:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\Free Sound Recorder
[2010/08/20 00:30:26 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Free Sound Recorder
[2010/08/20 00:30:10 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioVisualization2.dll
[2010/08/20 00:30:10 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTTextToAudio2.dll
[2010/08/20 00:30:10 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- E:\WINDOWS\System32\NCTWMAFile2.dll
[2010/08/20 00:30:09 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- E:\WINDOWS\System32\NCTAudioFile2.dll
[2010/08/20 00:30:09 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioInformation2.dll
[2010/08/20 00:30:09 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioEditor2.dll
[2010/08/20 00:30:09 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioTransform2.dll
[2010/08/20 00:30:09 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioRecord2.dll
[2010/08/20 00:30:09 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- E:\WINDOWS\System32\NCTAudioPlayer2.dll
[2010/08/20 00:30:08 | 000,835,584 | ---- | C] (NCT) -- E:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2010/08/20 00:30:05 | 000,000,000 | ---D | C] -- E:\Program Files\Free Sound Recorder
[2010/08/20 00:27:42 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Audacity
[2010/08/20 00:26:58 | 000,000,000 | ---D | C] -- E:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/08/20 00:17:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\Samsung
[2010/08/20 00:17:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\PC Suite
[2010/08/20 00:17:38 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\PC Suite
[2010/08/19 22:21:20 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\PCHealth
[2010/08/19 11:34:14 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/08/19 10:58:39 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Media Connect 2
[2010/08/19 10:49:46 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\Samsung_USB_Drivers
[2010/08/19 03:21:41 | 000,018,816 | ---- | C] (Nokia) -- E:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/08/19 02:14:09 | 000,217,088 | ---- | C] (Teruten) -- E:\WINDOWS\System32\FsUsbExService.Exe
[2010/08/19 02:10:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Samsung
[2010/08/19 02:09:57 | 000,000,000 | ---D | C] -- E:\Program Files\MarkAny
[2010/08/19 02:09:53 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Samsung
[2010/08/19 02:07:51 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\drivers\umdf
[2010/08/19 02:03:58 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\XPSViewer
[2010/08/19 02:03:53 | 000,000,000 | ---D | C] -- E:\Program Files\MSBuild
[2010/08/19 02:03:42 | 000,000,000 | ---D | C] -- E:\Program Files\Reference Assemblies
[2010/08/19 02:02:28 | 000,000,000 | ---D | C] -- E:\9174aeee9fa31e117e36
[2010/08/19 01:57:37 | 000,000,000 | -HSD | C] -- E:\Config.Msi
[2010/08/19 01:40:23 | 000,000,000 | ---D | C] -- E:\Program Files\Samsung
[2010/08/19 01:40:05 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Samsung
[2010/08/19 00:49:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\samsung unlocking software
[2010/08/19 00:48:03 | 000,012,416 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bcm.sys
[2010/08/19 00:47:59 | 000,012,288 | ---- | C] (MCCI Corporation) -- E:\WINDOWS\System32\drivers\ss_bwh.sys
[2010/08/15 19:47:41 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\3CX VoIP Phone
[2010/08/15 19:47:19 | 000,000,000 | ---D | C] -- E:\Program Files\3CXPhone
[2010/08/11 22:45:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest]
[2010/08/10 20:55:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Accounts
[2010/08/07 00:10:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Application Data\Uniblue
[2010/08/07 00:10:07 | 000,000,000 | ---D | C] -- E:\Program Files\Uniblue
[2010/08/06 23:44:27 | 000,000,000 | ---D | C] -- E:\Program Files\MSECache
[2010/08/06 23:29:35 | 000,000,000 | ---D | C] -- E:\Program Files\docXConverter3
[2010/08/05 15:09:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Signlab7
[2010/08/02 01:01:54 | 000,360,580 | ---- | C] (eSellerate Inc.) -- E:\WINDOWS\eSellerateEngine.dll
[2010/08/02 01:01:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\docXConverter logs
[2010/08/02 01:01:52 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\eSellerate
[2010/08/01 23:59:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Templates 0001-0087
[2010/07/31 00:30:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\RAID Utility
[2010/07/31 00:29:42 | 000,024,539 | R--- | C] (Integrated Technology Express, Inc.) -- E:\WINDOWS\System32\drivers\iteraid.sys
[2010/07/27 20:13:49 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\updates
[2010/07/24 02:41:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\newrom
[2010/07/24 02:06:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\New Folder (4)
[2010/07/24 02:04:33 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\1.56.70.11
[2010/07/24 01:53:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\hardsplsd
[2010/07/24 00:59:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\hardsplv7
[2010/07/24 00:07:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\hardspl
[2010/07/23 23:55:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\mcool
[2010/07/23 23:47:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\spv m700
[2010/07/22 04:13:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\Win_XP
[2010/07/22 03:36:41 | 000,000,000 | ---D | C] -- E:\Program Files\Silicon Image
[2010/07/22 03:35:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\win6
[2010/07/22 03:35:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil5
[2010/07/22 03:33:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil4
[2010/07/22 03:32:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil3
[2010/07/22 03:30:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil2
[2010/07/22 03:18:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\sil
[2010/07/21 00:31:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\osticket
[2010/07/19 11:46:24 | 000,040,024 | ---- | C] (3CX Ltd.) -- E:\WINDOWS\System32\3CXInstallationChecker.exe
[2010/07/15 09:18:24 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Tracing
[2010/07/15 00:04:46 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Silverlight
[2010/07/15 00:04:23 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Office Outlook Connector
[2010/07/15 00:03:21 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Sync Framework
[2010/07/15 00:02:00 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft SQL Server Compact Edition
[2010/07/15 00:00:35 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft
[2010/07/15 00:00:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Documents\microsoft
[2010/07/15 00:00:13 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live SkyDrive
[2010/07/14 23:59:42 | 000,000,000 | ---D | C] -- E:\Program Files\Windows Live
[2010/07/14 23:54:26 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Windows Live
[2010/07/14 23:47:13 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\Threat Expert
[2010/07/14 23:47:08 | 000,000,000 | ---D | C] -- E:\Program Files\MSN Toolbar
[2010/07/14 23:22:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\My Documents\My Received Files
[2010/07/14 00:44:19 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Protexis
[2010/07/14 00:41:21 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Corel
[2010/07/14 00:40:40 | 000,000,000 | ---D | C] -- E:\Program Files\Corel
[2010/07/14 00:38:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\CorelDRAW_Graphics_Suite_X4_Keygen_AGAiN
[2010/07/13 20:37:45 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\SETUP (USB DRIVER)
[2010/07/13 20:25:58 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Local Settings\Application Data\RcIncidents
[2010/07/13 01:34:01 | 000,000,000 | R--D | C] -- E:\Sandbox
[2010/07/13 01:12:10 | 000,000,000 | ---D | C] -- E:\Program Files\Sandboxie
[2010/07/13 00:43:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\CorelDRAW Graphics Suite X4 v14.0.0.567 crack by donald.duck
[2010/07/13 00:31:18 | 000,795,936 | ---- | C] (Corel Corporation) -- E:\Documents and Settings\Andy\Desktop\crlutl.dll
[2010/07/13 00:31:17 | 011,994,400 | ---- | C] (Corel Corporation) -- E:\Documents and Settings\Andy\Desktop\CorelPP.dll
[2010/07/13 00:31:17 | 011,121,952 | ---- | C] (Corel Corporation) -- E:\Documents and Settings\Andy\Desktop\CorelDrw.dll
[2010/07/07 23:30:11 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\.yawcam
[2010/07/07 23:29:21 | 000,000,000 | ---D | C] -- E:\Program Files\Yawcam
[2010/07/07 23:19:33 | 000,000,000 | ---D | C] -- E:\WINDOWS\EffectResources
[2010/07/07 23:18:50 | 000,122,880 | ---- | C] (www.zsmc.com.cn) -- E:\WINDOWS\VM303Cap.exe
[2010/07/07 23:18:50 | 000,081,920 | ---- | C] (VM) -- E:\WINDOWS\System32\VM303STI.dll
[2010/07/07 23:18:50 | 000,049,152 | ---- | C] (Vimicro) -- E:\WINDOWS\VMSnap3.exe
[2010/07/07 23:18:50 | 000,046,592 | ---- | C] (Vimicro Cooperation) -- E:\WINDOWS\System32\VvFtCtrl.dll
[2010/07/07 23:18:49 | 001,474,560 | ---- | C] (Vimicro Corporation) -- E:\WINDOWS\System32\drivers\usbVM303.sys
[2010/07/07 23:18:49 | 000,475,136 | ---- | C] (Vimicro Corporation) -- E:\WINDOWS\System32\drivers\vvftav303.sys
[2010/07/07 23:18:49 | 000,262,218 | ---- | C] (Vimicro) -- E:\WINDOWS\System32\VM303Prp.Ax
[2010/07/07 23:18:49 | 000,102,400 | ---- | C] (Vimicro) -- E:\WINDOWS\System32\vvftprpav303.ax
[2010/07/07 23:18:33 | 000,000,000 | ---D | C] -- E:\Program Files\Vimicro
[2010/07/07 23:12:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\ChipTypedetector
[2010/07/05 20:31:02 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Andy\Desktop\leigh
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[13 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/30 23:18:48 | 000,000,113 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\computer intermittant.URL
[2010/09/30 21:46:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Andy\Desktop\OTL.exe
[2010/09/30 21:45:14 | 000,485,896 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\HAMeb_check.exe
[2010/09/30 21:44:28 | 000,133,632 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\RKUnhookerLE.EXE
[2010/09/30 21:43:53 | 000,080,384 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\MBRCheck.exe
[2010/09/30 21:33:07 | 006,553,600 | ---- | M] () -- E:\Documents and Settings\Andy\NTUSER.DAT
[2010/09/30 14:44:45 | 000,003,974 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\kaspersky.html
[2010/09/30 14:03:11 | 000,033,759 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\nadia.jpg
[2010/09/30 10:43:55 | 003,914,409 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Andymitchmitch.pdf
[2010/09/30 02:07:04 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/30 01:55:26 | 000,044,726 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\andy2.jpg
[2010/09/30 01:37:31 | 000,047,162 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Andy.jpg
[2010/09/29 17:12:13 | 000,000,825 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/09/29 13:38:32 | 000,001,436 | ---- | M] () -- E:\WINDOWS\Sandboxie.ini
[2010/09/28 18:06:26 | 000,001,982 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
[2010/09/27 22:29:03 | 000,000,832 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Adobe Widget Browser.lnk
[2010/09/27 22:28:27 | 001,327,375 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\widgetbrowser_468.air
[2010/09/26 17:40:45 | 000,000,874 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Optimizer 3.lnk
[2010/09/26 17:40:45 | 000,000,856 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Photo Optimizer 3.lnk
[2010/09/26 16:46:55 | 000,000,808 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Commander 8.lnk
[2010/09/26 16:46:55 | 000,000,790 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Photo Commander 8.lnk
[2010/09/24 18:39:12 | 000,512,960 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/24 18:39:12 | 000,436,796 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010/09/24 18:39:12 | 000,069,196 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010/09/24 18:35:52 | 000,006,547 | ---- | M] () -- E:\WINDOWS\System32\LOCALSERVICE.INI
[2010/09/24 18:35:42 | 000,000,262 | ---- | M] () -- E:\WINDOWS\tasks\RegistryBooster.job
[2010/09/24 18:34:16 | 000,002,427 | ---- | M] () -- E:\Documents and Settings\Andy\Start Menu\Programs\Startup\Vista & XP Virtual Desktops.lnk
[2010/09/24 18:34:14 | 000,002,299 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[2010/09/24 18:34:12 | 000,002,435 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
[2010/09/24 18:33:57 | 000,001,228 | ---- | M] () -- E:\WINDOWS\System32\bscs.ini
[2010/09/24 18:33:47 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/09/24 18:33:44 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/09/24 11:09:54 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/09/22 23:10:47 | 000,003,660 | -HS- | M] () -- E:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/09/22 21:51:52 | 003,760,472 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/22 03:37:40 | 000,000,730 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\USB over Network (Server).lnk
[2010/09/19 00:09:58 | 000,067,968 | ---- | M] () -- E:\Documents and Settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/18 01:07:47 | 000,002,681 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\1st4tees.ste
[2010/09/16 12:47:19 | 000,502,384 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\SDC10413.JPG
[2010/09/15 20:51:29 | 1639,705,446 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\maccs5.rar
[2010/09/15 00:12:15 | 001,454,115 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\MM-Backup.rar
[2010/09/15 00:06:43 | 000,000,790 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\MM-Exporter.lnk
[2010/09/14 23:57:11 | 002,966,347 | ---- | M] (JOEXX ) -- E:\Documents and Settings\Andy\Desktop\MM-Exporter_233_Setup.exe
[2010/09/14 17:58:27 | 000,004,957 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Anon Snowboard Logo.eps
[2010/09/14 17:58:27 | 000,004,957 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Anon Snowboard Logo.eps
[2010/09/12 02:20:07 | 000,000,000 | ---- | M] () -- E:\WINDOWS\MagiCut6.INI
[2010/09/10 23:22:33 | 000,096,068 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\PolicyAdjustmentDocuments_32345.pdf
[2010/09/09 12:58:35 | 000,001,671 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\MagiCut 6.lnk
[2010/09/08 22:48:49 | 000,001,000 | ---- | M] () -- E:\WINDOWS\win.ini
[2010/09/08 16:04:23 | 004,882,944 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Cutters-08092010.xls
[2010/09/06 14:23:31 | 000,068,592 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\create_ActionOriginPair=pr.pdf
[2010/09/06 09:16:51 | 000,025,488 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\nikoapp launcher2.jpg
[2010/09/06 09:08:06 | 000,006,787 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\nikoapp launcher.jpg
[2010/09/05 07:11:06 | 000,000,069 | ---- | M] () -- E:\WINDOWS\signgo.ini
[2010/09/05 07:08:43 | 000,001,639 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SignGo.lnk
[2010/08/29 22:16:08 | 001,049,658 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\novavox-x100p-se-installation-guide.pdf
[2010/08/29 21:19:45 | 000,002,240 | ---- | M] () -- E:\WINDOWS\System32\esnecil.ind
[2010/08/29 15:50:19 | 000,002,240 | ---- | M] () -- E:\WINDOWS\System32\esnecil.nlp
[2010/08/29 15:49:32 | 000,000,057 | ---- | M] () -- E:\WINDOWS\Crypkey.ini
[2010/08/29 15:49:05 | 000,018,281 | ---- | M] () -- E:\Program Files\irunin.ini
[2010/08/29 15:49:05 | 000,001,736 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Vistool 6 Programs.lnk
[2010/08/29 15:48:22 | 000,724,992 | ---- | M] (Indigo Rose Corporation) -- E:\WINDOWS\iun6002.exe
[2010/08/29 15:48:22 | 000,215,727 | ---- | M] () -- E:\Program Files\irunin.dat
[2010/08/29 15:48:22 | 000,015,938 | ---- | M] () -- E:\Program Files\irunin.lng
[2010/08/29 15:48:22 | 000,008,134 | ---- | M] () -- E:\Program Files\irunin.bmp
[2010/08/29 15:19:40 | 000,000,257 | ---- | M] () -- E:\WINDOWS\WinPCSIGN.INI
[2010/08/29 15:16:34 | 000,001,754 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\WinPCSIGN Pro 2010.lnk
[2010/08/28 13:08:04 | 000,001,407 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\FlexiSIGN-PRO Demonstraction CD.lnk
[2010/08/27 08:13:21 | 000,000,376 | ---- | M] () -- E:\WINDOWS\tasks\Uniblue DiskRescue 2009.job
[2010/08/27 08:12:49 | 000,000,808 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\DiskRescue 2009.lnk
[2010/08/27 08:12:49 | 000,000,790 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\DiskRescue 2009.lnk
[2010/08/26 19:03:41 | 000,000,069 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2010/08/26 11:40:49 | 000,000,803 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\amcap.lnk
[2010/08/24 09:58:53 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/24 09:58:51 | 000,000,340 | ---- | M] () -- E:\WINDOWS\tasks\AdobeAAMUpdater-1.0-FRONTROOM-Andy.job
[2010/08/24 08:23:28 | 000,002,303 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk
[2010/08/24 08:23:28 | 000,002,285 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Hex Editor Neo.lnk
[2010/08/24 01:56:25 | 000,000,019 | ---- | M] () -- E:\WINDOWS\info023
[2010/08/24 01:56:25 | 000,000,019 | ---- | M] () -- E:\WINDOWS\info022
[2010/08/24 01:56:18 | 000,000,807 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\ActiveComport.lnk
[2010/08/22 20:27:15 | 000,046,632 | ---- | M] (Atheros Communications, Inc.) -- E:\WINDOWS\System32\drivers\l1e51x86.sys
[2010/08/22 19:06:39 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) -- E:\WINDOWS\System32\drivers\AtiHdmi.sys
[2010/08/22 17:05:15 | 000,000,782 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PixelPerfect.lnk
[2010/08/22 17:05:15 | 000,000,764 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\PixelPerfect.lnk
[2010/08/22 01:59:03 | 000,002,564 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Register Vegas Movie Studio HD Platinum.htm
[2010/08/22 01:54:19 | 000,001,863 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Vegas Movie Studio HD Platinum 10.0.lnk
[2010/08/22 01:51:09 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2010/08/22 01:08:53 | 000,002,560 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Register DVD Architect Pro.htm
[2010/08/22 01:01:30 | 000,001,715 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\DVD Architect Pro 4.5.lnk
[2010/08/22 00:43:28 | 000,000,722 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk
[2010/08/22 00:43:28 | 000,000,704 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Fotosizer.lnk
[2010/08/20 00:27:27 | 000,000,739 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/08/20 00:17:23 | 000,001,614 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2010/08/20 00:14:39 | 000,002,006 | ---- | M] () -- E:\aqua_bitmap.cpp
[2010/08/19 22:22:14 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/08/19 22:19:12 | 000,000,101 | ---- | M] () -- E:\WINDOWS\System32\LOCALDEVICE.INI
[2010/08/19 22:13:50 | 000,005,632 | ---- | M] () -- E:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 11:38:56 | 000,000,810 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/19 11:37:41 | 000,023,392 | ---- | M] () -- E:\WINDOWS\System32\nscompat.tlb
[2010/08/19 11:37:41 | 000,016,832 | ---- | M] () -- E:\WINDOWS\System32\amcompat.tlb
[2010/08/19 10:57:20 | 000,316,640 | ---- | M] () -- E:\WINDOWS\WMSysPr9.prx
[2010/08/19 10:51:56 | 000,001,793 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
[2010/08/19 10:49:07 | 000,000,673 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2010/08/19 03:21:36 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/19 02:09:51 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2010/08/17 23:43:18 | 000,352,446 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Map for email.jpg
[2010/08/16 02:05:43 | 000,000,485 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to 1st4tees.lnk
[2010/08/16 02:05:37 | 000,000,555 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to 1st4cuttersandplotters.lnk
[2010/08/16 02:04:50 | 000,000,434 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to maxtor 160 websites.lnk
[2010/08/15 01:03:09 | 000,063,488 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\tshirt prices.doc
[2010/08/14 16:20:36 | 000,019,582 | ---- | M] () -- E:\WINDOWS\EPSTPLOG.BAK
[2010/08/13 18:42:49 | 002,937,856 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\WRT54GS-v4_1.06.3.002_fw(3).bin
[2010/08/13 03:20:04 | 002,937,856 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\WRT54GS-v4_1.06.3.002_fw.bin
[2010/08/13 00:11:32 | 000,394,621 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\WiFiMonster_v1.0.52.149_VGA.zip
[2010/08/11 23:06:34 | 1047,718,111 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest].zip
[2010/08/11 17:07:05 | 000,001,496 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\MagicISO.lnk
[2010/08/08 00:29:17 | 000,001,515 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/08 00:29:16 | 000,001,515 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/08/07 14:11:09 | 004,663,808 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\Cutters-04082010.xls
[2010/08/07 00:10:28 | 000,000,752 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
[2010/08/07 00:10:28 | 000,000,734 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\PowerSuite.lnk
[2010/08/06 23:29:38 | 000,010,584 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\docXConverter (3).ini
[2010/08/06 23:29:38 | 000,000,135 | -H-- | M] () -- E:\Documents and Settings\Andy\Application Data\lakerda1967.sys
[2010/08/06 23:29:37 | 000,000,571 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\docXConverter.lnk
[2010/08/05 21:50:03 | 000,111,853 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\vinyl colour chart.jpg
[2010/08/05 16:55:43 | 000,174,644 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Picture 3.png
[2010/08/02 01:01:54 | 000,360,580 | ---- | M] (eSellerate Inc.) -- E:\WINDOWS\eSellerateEngine.dll
[2010/07/30 23:50:11 | 003,183,246 | -H-- | M] () -- E:\Documents and Settings\Andy\Local Settings\Application Data\IconCache.db
[2010/07/30 14:04:07 | 000,064,292 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\_IO Cable_PL-2303_Drivers - Generic_MacOS_MacOS 10.x_md_pl2303H_HX_X_dmg_v1.2.1r2.zip
[2010/07/29 21:02:17 | 003,914,388 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\jayjay.pdf
[2010/07/25 23:23:43 | 000,124,854 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\berth.jpg
[2010/07/25 23:13:33 | 000,199,692 | ---- | M] () -- E:\Documents and Settings\Andy\My Documents\passing.jpg
[2010/07/25 12:42:11 | 000,013,261 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\ uk-racer has sent a question about item #180534330869, that ending on 16-Aug-10 13_38_57 BST - QUALITY T-SHIRT VINYL - FLEX HEAT TRANSFER 520mm x 1m .htm
[2010/07/21 04:19:42 | 000,767,928 | ---- | M] () -- E:\WINDOWS\BDTSupport.dll
[2010/07/19 11:46:24 | 000,040,024 | ---- | M] (3CX Ltd.) -- E:\WINDOWS\System32\3CXInstallationChecker.exe
[2010/07/17 21:41:04 | 000,000,786 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to FILES.lnk
[2010/07/17 21:17:37 | 000,010,752 | ---- | M] () -- E:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 01:12:11 | 000,000,776 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Sandboxed Web Browser.lnk
[2010/07/13 01:12:11 | 000,000,776 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/07/07 23:29:33 | 000,001,626 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yawcam.lnk
[2010/07/07 23:29:33 | 000,001,536 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Yawcam.lnk
[2010/07/05 22:28:51 | 002,736,550 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Snap1.bmp
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[13 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/30 23:18:48 | 000,000,113 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\computer intermittant.URL
[2010/09/30 21:45:09 | 000,485,896 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\HAMeb_check.exe
[2010/09/30 21:44:27 | 000,133,632 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\RKUnhookerLE.EXE
[2010/09/30 21:43:52 | 000,080,384 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\MBRCheck.exe
[2010/09/30 14:44:45 | 000,003,974 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\kaspersky.html
[2010/09/30 14:03:10 | 000,033,759 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\nadia.jpg
[2010/09/30 10:43:46 | 003,914,409 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Andymitchmitch.pdf
[2010/09/30 01:55:25 | 000,044,726 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\andy2.jpg
[2010/09/30 01:37:22 | 000,047,162 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Andy.jpg
[2010/09/28 18:06:26 | 000,001,982 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
[2010/09/27 22:29:03 | 000,000,832 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Adobe Widget Browser.lnk
[2010/09/27 22:28:25 | 001,327,375 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\widgetbrowser_468.air
[2010/09/26 17:40:45 | 000,000,874 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Optimizer 3.lnk
[2010/09/26 17:40:45 | 000,000,856 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Photo Optimizer 3.lnk
[2010/09/26 16:46:55 | 000,000,808 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ashampoo Photo Commander 8.lnk
[2010/09/26 16:46:55 | 000,000,790 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Ashampoo Photo Commander 8.lnk
[2010/09/26 16:24:00 | 004,882,944 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Cutters-08092010.xls
[2010/09/24 18:28:56 | 000,000,785 | ---- | C] () -- E:\WINDOWS\System32\OPAPLPT.DAT
[2010/09/22 03:37:40 | 000,000,730 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\USB over Network (Server).lnk
[2010/09/16 14:40:32 | 000,004,957 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Anon Snowboard Logo.eps
[2010/09/16 13:31:08 | 000,502,384 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\SDC10413.JPG
[2010/09/15 20:46:13 | 1639,705,446 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\maccs5.rar
[2010/09/15 00:12:11 | 001,454,115 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\MM-Backup.rar
[2010/09/15 00:06:43 | 000,000,790 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\MM-Exporter.lnk
[2010/09/14 23:38:46 | 000,002,681 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\1st4tees.ste
[2010/09/14 21:57:10 | 000,004,957 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Anon Snowboard Logo.eps
[2010/09/12 02:20:07 | 000,000,000 | ---- | C] () -- E:\WINDOWS\MagiCut6.INI
[2010/09/11 23:26:03 | 738,789,632 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Macromedia Studio 8 Full Edition (Dreamweaver 8, Flash Pro 8, Fireworks 8, Contribute 3, FlashPaper 2, ColdFusion MX 7 Developer Edition, FreeHand MX 11.0.2, Ca.rar
[2010/09/10 23:22:32 | 000,096,068 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\PolicyAdjustmentDocuments_32345.pdf
[2010/09/09 12:58:35 | 000,001,671 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\MagiCut 6.lnk
[2010/09/07 01:06:35 | 1047,718,111 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Adobe Photoshop CS5 [Extended] [MAC] + [INSTALLATION INSTRUCTIONS] + [SN] [CodeTempest].zip
[2010/09/06 14:23:31 | 000,068,592 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\create_ActionOriginPair=pr.pdf
[2010/09/06 09:16:51 | 000,025,488 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\nikoapp launcher2.jpg
[2010/09/06 09:08:05 | 000,006,787 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\nikoapp launcher.jpg
[2010/09/05 07:11:06 | 000,000,069 | ---- | C] () -- E:\WINDOWS\signgo.ini
[2010/09/05 07:08:43 | 000,001,639 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SignGo.lnk
[2010/08/31 14:51:17 | 000,033,595 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\LiYu.csm
[2010/08/31 14:51:17 | 000,005,243 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\LiYuCut.csm
[2010/08/29 22:16:08 | 001,049,658 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\novavox-x100p-se-installation-guide.pdf
[2010/08/29 15:50:17 | 000,002,240 | ---- | C] () -- E:\WINDOWS\System32\esnecil.nlp
[2010/08/29 15:50:17 | 000,002,240 | ---- | C] () -- E:\WINDOWS\System32\esnecil.ind
[2010/08/29 15:49:32 | 000,000,057 | ---- | C] () -- E:\WINDOWS\Crypkey.ini
[2010/08/29 15:49:16 | 000,029,414 | ---- | C] () -- E:\WINDOWS\System32\Ckldrv.sys
[2010/08/29 15:49:15 | 000,027,648 | R--- | C] () -- E:\WINDOWS\Setup_ck.exe
[2010/08/29 15:49:15 | 000,018,432 | ---- | C] () -- E:\WINDOWS\Setup_ck.dll
[2010/08/29 15:49:15 | 000,011,776 | ---- | C] () -- E:\WINDOWS\Ckrfresh.exe
[2010/08/29 15:49:05 | 000,001,736 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Vistool 6 Programs.lnk
[2010/08/29 15:49:01 | 000,215,727 | ---- | C] () -- E:\Program Files\irunin.dat
[2010/08/29 15:49:01 | 000,018,281 | ---- | C] () -- E:\Program Files\irunin.ini
[2010/08/29 15:49:01 | 000,015,938 | ---- | C] () -- E:\Program Files\irunin.lng
[2010/08/29 15:49:01 | 000,008,134 | ---- | C] () -- E:\Program Files\irunin.bmp
[2010/08/29 15:19:33 | 000,000,257 | ---- | C] () -- E:\WINDOWS\WinPCSIGN.INI
[2010/08/29 15:16:52 | 000,028,809 | ---- | C] () -- E:\WINDOWS\System32\wpcs2k10.ico
[2010/08/29 15:16:34 | 000,001,754 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\WinPCSIGN Pro 2010.lnk
[2010/08/28 13:08:04 | 000,001,407 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\FlexiSIGN-PRO Demonstraction CD.lnk
[2010/08/28 10:41:22 | 000,000,330 | -H-- | C] () -- E:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/27 08:13:21 | 000,000,376 | ---- | C] () -- E:\WINDOWS\tasks\Uniblue DiskRescue 2009.job
[2010/08/27 08:12:49 | 000,000,808 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\DiskRescue 2009.lnk
[2010/08/27 08:12:49 | 000,000,790 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\DiskRescue 2009.lnk
[2010/08/26 11:40:47 | 000,002,157 | ---- | C] () -- E:\WINDOWS\System32\GUCI_AVS.ini
[2010/08/24 08:23:28 | 000,002,303 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk
[2010/08/24 08:23:28 | 000,002,285 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Hex Editor Neo.lnk
[2010/08/24 07:47:36 | 000,026,719 | ---- | C] () -- E:\WINDOWS\System32\SERSPL.VXD
[2010/08/24 01:56:25 | 000,000,019 | ---- | C] () -- E:\WINDOWS\info023
[2010/08/24 01:56:25 | 000,000,019 | ---- | C] () -- E:\WINDOWS\info022
[2010/08/24 01:56:18 | 000,000,807 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\ActiveComport.lnk
[2010/08/22 17:05:15 | 000,000,782 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PixelPerfect.lnk
[2010/08/22 17:05:15 | 000,000,764 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\PixelPerfect.lnk
[2010/08/22 01:55:50 | 000,002,564 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Register Vegas Movie Studio HD Platinum.htm
[2010/08/22 01:54:19 | 000,001,863 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Vegas Movie Studio HD Platinum 10.0.lnk
[2010/08/22 01:08:53 | 000,002,560 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Register DVD Architect Pro.htm
[2010/08/22 01:01:30 | 000,001,715 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\DVD Architect Pro 4.5.lnk
[2010/08/22 00:43:28 | 000,000,722 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Fotosizer.lnk
[2010/08/22 00:43:28 | 000,000,704 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Fotosizer.lnk
[2010/08/20 00:30:10 | 000,113,486 | ---- | C] () -- E:\WINDOWS\System32\NCTWMAProfiles.prx
[2010/08/20 00:27:27 | 000,000,739 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/08/20 00:17:23 | 000,001,614 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2010/08/19 22:18:03 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/08/19 22:15:10 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/08/19 10:51:56 | 000,001,793 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung PC Studio 3.lnk
[2010/08/19 10:49:33 | 000,000,766 | ---- | C] () -- E:\WINDOWS\System32\Uninstall.ico
[2010/08/19 10:49:24 | 000,005,632 | ---- | C] () -- E:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/19 10:49:07 | 000,000,673 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Samsung PC Studio 3.lnk
[2010/08/19 03:21:36 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/08/19 02:14:10 | 000,110,592 | ---- | C] () -- E:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/08/19 02:14:09 | 000,036,640 | ---- | C] () -- E:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/08/19 02:09:51 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2010/08/19 02:04:34 | 001,534,488 | ---- | C] () -- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/19 01:38:59 | 000,002,006 | ---- | C] () -- E:\aqua_bitmap.cpp
[2010/08/17 23:43:17 | 000,352,446 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Map for email.jpg
[2010/08/16 02:05:49 | 000,000,485 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to 1st4tees.lnk
[2010/08/16 02:05:40 | 000,000,555 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to 1st4cuttersandplotters.lnk
[2010/08/16 02:04:53 | 000,000,434 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to maxtor 160 websites.lnk
[2010/08/15 01:00:56 | 000,063,488 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\tshirt prices.doc
[2010/08/14 16:13:05 | 000,000,182 | ---- | C] () -- E:\WINDOWS\System32\EBPPORT.DAT
[2010/08/14 16:12:39 | 000,019,582 | ---- | C] () -- E:\WINDOWS\EPSTPLOG.BAK
[2010/08/13 18:42:49 | 002,937,856 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\WRT54GS-v4_1.06.3.002_fw(3).bin
[2010/08/13 03:22:10 | 002,937,856 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\WRT54GS-v4_1.06.3.002_fw.bin
[2010/08/13 02:54:27 | 003,122,208 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\WRT54GV4.0_4.21.1_US_code.bin
[2010/08/13 00:11:32 | 000,394,621 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\WiFiMonster_v1.0.52.149_VGA.zip
[2010/08/07 14:10:51 | 004,663,808 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\Cutters-04082010.xls
[2010/08/07 11:24:27 | 000,111,853 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\vinyl colour chart.jpg
[2010/08/07 00:10:40 | 000,000,262 | ---- | C] () -- E:\WINDOWS\tasks\RegistryBooster.job
[2010/08/07 00:10:28 | 000,000,752 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk
[2010/08/07 00:10:28 | 000,000,734 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\PowerSuite.lnk
[2010/08/06 23:29:37 | 000,000,571 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\docXConverter.lnk
[2010/08/05 21:54:39 | 000,174,644 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Picture 3.png
[2010/08/02 01:01:54 | 000,000,135 | -H-- | C] () -- E:\Documents and Settings\Andy\Application Data\lakerda1967.sys
[2010/08/02 01:01:51 | 000,010,584 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\docXConverter (3).ini
[2010/07/31 18:33:25 | 000,086,584 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\LMS Hippy Chick.ttf
[2010/07/31 18:33:12 | 000,076,868 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\CHICK___.TTF
[2010/07/30 14:10:33 | 000,064,292 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\_IO Cable_PL-2303_Drivers - Generic_MacOS_MacOS 10.x_md_pl2303H_HX_X_dmg_v1.2.1r2.zip
[2010/07/29 21:10:16 | 003,914,388 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\jayjay.pdf
[2010/07/25 23:23:42 | 000,124,854 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\berth.jpg
[2010/07/25 23:13:32 | 000,199,692 | ---- | C] () -- E:\Documents and Settings\Andy\My Documents\passing.jpg
[2010/07/25 12:42:11 | 000,013,261 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\ uk-racer has sent a question about item #180534330869, that ending on 16-Aug-10 13_38_57 BST - QUALITY T-SHIRT VINYL - FLEX HEAT TRANSFER 520mm x 1m .htm
[2010/07/22 03:36:42 | 000,002,435 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARaid.lnk
[2010/07/17 21:41:04 | 000,000,786 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Shortcut to FILES.lnk
[2010/07/13 01:12:31 | 000,000,776 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Sandboxed Web Browser.lnk
[2010/07/13 01:12:31 | 000,000,776 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/07/13 01:12:28 | 000,001,436 | ---- | C] () -- E:\WINDOWS\Sandboxie.ini
[2010/07/07 23:29:33 | 000,001,626 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yawcam.lnk
[2010/07/07 23:29:33 | 000,001,536 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Yawcam.lnk
[2010/07/07 23:20:12 | 000,126,976 | ---- | C] () -- E:\WINDOWS\System32\vmcoinst_zc0301plh.dll
[2010/07/07 23:18:49 | 000,122,880 | ---- | C] () -- E:\WINDOWS\rm303b.exe
[2010/07/07 23:18:49 | 000,049,152 | ---- | C] () -- E:\WINDOWS\Domino.exe
[2010/07/07 23:18:33 | 000,000,803 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\amcap.lnk
[2010/07/05 22:32:25 | 002,736,550 | ---- | C] () -- E:\Documents and Settings\Andy\Desktop\Snap1.bmp
[2010/06/24 11:48:21 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2010/06/10 09:22:17 | 000,767,928 | ---- | C] () -- E:\WINDOWS\BDTSupport.dll
[2010/05/26 17:38:05 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\Andy\Application Data\$_hpcst$.hpc
[2010/05/07 22:59:38 | 000,010,752 | ---- | C] () -- E:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 06:54:16 | 000,974,848 | ---- | C] () -- E:\WINDOWS\System32\cis-2.4.dll
[2010/05/07 06:54:16 | 000,081,920 | ---- | C] () -- E:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010/05/07 06:54:16 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010/05/07 06:54:16 | 000,057,344 | ---- | C] () -- E:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/04/15 12:20:18 | 000,003,730 | ---- | C] () -- E:\WINDOWS\System32\SHORTCUT.INI
[2010/04/15 12:03:12 | 000,000,384 | ---- | C] () -- E:\WINDOWS\System32\REMOTEDEVICE.INI
[2010/04/15 12:03:07 | 000,006,547 | ---- | C] () -- E:\WINDOWS\System32\LOCALSERVICE.INI
[2010/04/15 12:03:05 | 000,000,101 | ---- | C] () -- E:\WINDOWS\System32\LOCALDEVICE.INI
[2010/04/15 11:54:46 | 000,000,000 | ---- | C] () -- E:\WINDOWS\System32\BSPRINT.INI
[2010/04/13 23:31:22 | 000,000,534 | ---- | C] () -- E:\WINDOWS\FileExpress.INI
[2010/04/08 12:53:38 | 000,000,000 | ---- | C] () -- E:\WINDOWS\PROTOCOL.INI
[2010/04/07 00:02:03 | 000,003,660 | -HS- | C] () -- E:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/07 00:02:03 | 000,000,008 | RHS- | C] () -- E:\Documents and Settings\All Users\Application Data\AC63B5DBA3.sys
[2010/03/29 01:29:26 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2010/03/28 17:57:29 | 002,453,504 | ---- | C] () -- E:\Program Files\UltraMon_3.0.3_en_x32.msi
[2010/03/28 14:36:56 | 000,024,576 | R--- | C] () -- E:\WINDOWS\System32\AsIO.dll
[2010/03/28 14:36:56 | 000,012,400 | R--- | C] () -- E:\WINDOWS\System32\drivers\AsIO.sys
[2010/03/28 14:36:54 | 000,011,832 | ---- | C] () -- E:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/03/28 14:36:54 | 000,010,216 | ---- | C] () -- E:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/03/28 14:27:19 | 000,005,810 | R--- | C] () -- E:\WINDOWS\System32\drivers\ASACPI.sys
[2010/03/28 14:27:11 | 000,001,769 | ---- | C] () -- E:\WINDOWS\Language_trs.ini
[2010/03/28 14:27:08 | 000,021,891 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini
[2010/03/28 14:27:08 | 000,010,296 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/03/18 11:28:44 | 000,916,849 | ---- | C] () -- E:\WINDOWS\System32\libiconv-2.dll
[2010/03/18 11:28:44 | 000,188,491 | ---- | C] () -- E:\WINDOWS\System32\libpq.dll
[2010/03/18 11:28:44 | 000,110,592 | ---- | C] () -- E:\WINDOWS\System32\pgxalib.dll
[2010/03/18 11:28:44 | 000,094,208 | ---- | C] () -- E:\WINDOWS\System32\pgenlista.dll
[2010/03/18 11:28:44 | 000,094,208 | ---- | C] () -- E:\WINDOWS\System32\pgenlist.dll
[2010/03/18 11:28:44 | 000,051,016 | ---- | C] () -- E:\WINDOWS\System32\libintl-2.dll
[2010/03/10 09:45:02 | 000,001,228 | ---- | C] () -- E:\WINDOWS\System32\bscs.ini
[2010/03/08 14:13:10 | 000,028,672 | ---- | C] () -- E:\WINDOWS\System32\BsMobileCSps.dll
[2010/01/22 10:04:30 | 000,081,920 | ---- | C] () -- E:\WINDOWS\System32\BsVistaCommon.dll
[2009/12/01 13:58:24 | 000,017,400 | ---- | C] () -- E:\WINDOWS\System32\drivers\ftusb.sys
[2009/10/06 08:16:00 | 000,819,200 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2008/12/07 12:44:54 | 000,029,192 | ---- | C] () -- E:\WINDOWS\System32\drivers\btnetBus.sys
[2008/03/07 16:43:56 | 000,084,734 | R--- | C] () -- E:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/03/07 13:47:30 | 000,020,270 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2008/02/20 11:11:16 | 000,033,800 | ---- | C] () -- E:\WINDOWS\System32\drivers\epfwtdir.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- E:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/08/29 21:39:10 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\3CX
[2010/04/20 23:03:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/09/26 16:46:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ashampoo
[2010/04/11 09:52:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/29 18:22:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\EPSON
[2010/03/28 20:22:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ESET
[2010/04/15 11:52:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Installations
[2010/09/09 12:58:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\MagiCut
[2010/08/20 00:17:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/19 01:29:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Qarbon
[2010/05/04 00:42:37 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/20 00:14:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Samsung
[2010/08/22 01:54:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Sony
[2010/05/07 22:55:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TechSmith
[2010/09/30 20:33:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/29 18:19:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\UDL
[2010/05/20 14:58:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Vodafone
[2010/05/09 00:11:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\xilisoft
[2010/05/22 15:15:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{7269BE79-5722-4259-B764-61F0045B02FF}
[2010/08/27 08:12:51 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
[2010/04/20 23:04:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\ACD Systems
[2010/09/26 16:49:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Ashampoo
[2010/05/31 13:51:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Aston2
[2010/08/27 22:17:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Audacity
[2010/09/28 19:35:07 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Azureus
[2010/09/27 22:29:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2010/08/28 13:08:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\DPA Software
[2010/03/28 20:36:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\eBay
[2010/04/09 11:29:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\EPSON
[2010/06/26 10:31:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Facebook
[2010/08/20 00:30:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Free Sound Recorder
[2010/08/29 21:37:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Install
[2010/04/03 12:11:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\IrfanView
[2010/09/09 13:02:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\MagiCut6
[2010/04/09 00:21:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\mojosoft
[2010/08/20 00:17:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\PC Suite
[2010/08/22 01:59:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Publish Providers
[2010/04/19 01:29:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Qarbon
[2010/08/20 00:14:55 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Samsung
[2010/05/07 13:41:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\SignCut
[2010/09/05 13:47:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\SignGo
[2010/08/22 02:00:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Sony
[2010/04/04 14:56:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\TeamViewer
[2010/08/27 08:14:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Uniblue
[2010/05/20 14:59:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Vodafone
[2010/05/09 00:06:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Andy\Application Data\Z-Systems
[2010/09/30 02:07:04 | 000,000,330 | -H-- | M] () -- E:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/09/24 18:35:42 | 000,000,262 | ---- | M] () -- E:\WINDOWS\Tasks\RegistryBooster.job
[2010/08/27 08:13:21 | 000,000,376 | ---- | M] () -- E:\WINDOWS\Tasks\Uniblue DiskRescue 2009.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/28 17:36:46 | 047,594,848 | ---- | M] (Advanced Micro Devices, Inc.) -- E:\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/08/20 00:14:39 | 000,002,006 | ---- | M] () -- E:\aqua_bitmap.cpp
[2010/04/10 12:44:44 | 000,007,640 | ---- | M] () -- E:\InstallHelper.log
[2010/09/28 20:16:28 | 000,006,662 | ---- | M] () -- E:\JavaRa.log
[2010/08/21 20:51:28 | 2145,386,496 | -HS- | M] () -- E:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- E:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/03/28 14:06:33 | 000,000,067 | -HS- | M] () -- E:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2005/08/01 11:25:00 | 000,610,304 | ---- | M] (Sysinternals) -- E:\WINDOWS\SysInternals Bluescreen.scr
[2008/09/28 23:34:40 | 000,230,400 | ---- | M] (Realtime Soft Ltd) -- E:\WINDOWS\UltraMon.scr
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\WLXPGSS.SCR
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/08/29 15:48:22 | 000,008,134 | ---- | M] () -- E:\Program Files\irunin.bmp
[2010/08/29 15:48:22 | 000,215,727 | ---- | M] () -- E:\Program Files\irunin.dat
[2010/08/29 15:49:05 | 000,018,281 | ---- | M] () -- E:\Program Files\irunin.ini
[2010/08/29 15:48:22 | 000,015,938 | ---- | M] () -- E:\Program Files\irunin.lng
[2008/11/18 20:44:44 | 002,453,504 | ---- | M] () -- E:\Program Files\UltraMon_3.0.3_en_x32.msi

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/28 14:53:02 | 000,098,304 | ---- | M] () -- E:\WINDOWS\system32\config\default.sav
[2010/03/28 14:53:02 | 001,089,536 | ---- | M] () -- E:\WINDOWS\system32\config\software.sav
[2010/03/28 14:53:01 | 000,942,080 | ---- | M] () -- E:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/28 14:07:03 | 000,000,294 | -HS- | M] () -- E:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/28 14:15:20 | 000,000,119 | -HS- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/28 14:15:19 | 000,000,079 | ---- | M] () -- E:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/10/17 18:07:46 | 000,311,296 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\ActivationTool.exe
[2010/04/05 19:30:00 | 000,038,912 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\aston_2.00_KG.exe
[2010/03/23 21:46:43 | 016,194,111 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\Aston_setup_2.0.0.exe
[2007/03/29 12:09:00 | 021,377,783 | ---- | M] (Macrovision Corporation) -- E:\Documents and Settings\Andy\Desktop\Driver_ZC0301PLH_Vista_Setup_070329.exe
[2010/09/30 21:45:14 | 000,485,896 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\HAMeb_check.exe
[2005/09/13 18:00:00 | 000,055,296 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\keygen.exe
[2010/09/30 21:43:53 | 000,080,384 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\MBRCheck.exe
[2010/09/14 23:57:11 | 002,966,347 | ---- | M] (JOEXX ) -- E:\Documents and Settings\Andy\Desktop\MM-Exporter_233_Setup.exe
[2010/09/30 21:46:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Andy\Desktop\OTL.exe
[2010/04/08 16:27:08 | 003,172,060 | ---- | M] (Macrovision Corporation) -- E:\Documents and Settings\Andy\Desktop\PL2303_Prolific_DriverInstaller_v1210.exe
[2010/07/15 10:41:22 | 003,172,584 | ---- | M] (Macrovision Corporation) -- E:\Documents and Settings\Andy\Desktop\PL2303_Prolific_DriverInstaller_v130.exe
[2008/01/20 14:21:48 | 000,211,384 | ---- | M] (FdcSoft) -- E:\Documents and Settings\Andy\Desktop\PPCPimBackup.exe
[2010/09/30 21:44:28 | 000,133,632 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\RKUnhookerLE.EXE
[2003/03/23 04:21:00 | 000,036,864 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\SPVUnlock.exe
[2010/04/27 20:46:31 | 002,843,056 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\TeamViewer_Setup(4).exe
[2010/06/22 15:41:28 | 002,906,488 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\TeamViewer_Setup(5).exe
[2009/07/06 11:15:51 | 002,306,955 | ---- | M] () -- E:\Documents and Settings\Andy\Desktop\UltraMon_3.0.3_en_x32.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/03/28 14:15:19 | 000,000,122 | -HS- | M] () -- E:\Documents and Settings\Andy\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/30 23:25:59 | 000,049,152 | ---- | M] () -- E:\Documents and Settings\Andy\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\inf\unregmp2.exe
[2006/06/25 07:48:54 | 000,032,768 | R--- | M] (AsusTek Inc.) -- E:\WINDOWS\inf\UpdateUSB.exe

< %SYSTEMROOT%\Installer\*.exe >
[2010/07/13 01:11:51 | 000,735,984 | ---- | M] (tzuk) -- E:\WINDOWS\Installer\SandboxieInstall32.exe
[1 E:\WINDOWS\Installer\*.tmp files -> E:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[1 E:\WINDOWS\Installer\*.tmp files -> E:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/05/09 14:10:36 | 000,001,078 | ---- | M] () -- E:\WINDOWS\system32\PXI.ico
[2005/08/28 20:51:42 | 000,000,766 | ---- | M] () -- E:\WINDOWS\system32\Uninstall.ico
[2010/02/11 15:19:44 | 000,028,809 | ---- | M] () -- E:\WINDOWS\system32\wpcs2k10.ico
[13 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/09/30 21:33:07 | 006,553,600 | ---- | M] () -- E:\Documents and Settings\Andy\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2002/06/07 04:00:00 | 000,028,160 | ---- | M] (SEIKO EPSON CORP.) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\EPIBSR30.EXE
[2002/06/28 05:55:00 | 000,411,904 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
[2002/08/23 06:06:18 | 000,045,056 | ---- | M] (SEIKO EPSON Corporation) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\EPUTIX24.EXE
[2008/09/12 01:11:00 | 000,483,328 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\EREGISTR.EXE
[1999/03/08 03:00:00 | 000,148,992 | ---- | M] (SEIKO EPSON CORP.) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_DMSG00.EXE
[2002/07/30 04:00:00 | 000,142,848 | ---- | M] (SEIKO EPSON CORP.) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_DPPE03.EXE
[2009/02/24 14:38:04 | 000,309,152 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA30.EXE
[2007/11/15 05:02:00 | 000,175,616 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTEKE.EXE
[2008/01/07 05:04:00 | 000,159,744 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNEKE.EXE
[2008/03/05 06:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEKE.EXE
[2007/12/17 01:03:00 | 000,177,152 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBCSEKE.EXE
[2008/03/31 10:25:00 | 000,105,984 | ---- | M] (SEIKO EPSON Corporation) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTEKE.EXE
[2009/05/21 07:05:00 | 000,808,888 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FINSEKE.EXE
[2009/03/10 04:00:00 | 000,204,800 | ---- | M] (SEIKO EPSON CORP.) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPREEKE.EXE
[2002/07/01 02:02:00 | 000,062,464 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_S00RP2.EXE
[2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_S40RP7.EXE
[2007/12/17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- E:\WINDOWS\system32\spool\drivers\w32x86\3\E_S40ST7.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2010/08/29 21:19:45 | 000,000,000 | ---D | M](E:\WINDOWS\System32\?) -- E:\WINDOWS\System32\
[2010/08/29 21:19:45 | 000,000,000 | ---D | C](E:\WINDOWS\System32\?) -- E:\WINDOWS\System32\

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> E:\Documents and Settings\All Users\DRM:مايكروسوفت
@Alternate Data Stream - 205 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

2010/10/04 22:17:17.0343 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/10/04 22:17:17.0343 ================================================================================
2010/10/04 22:17:17.0343 SystemInfo:
2010/10/04 22:17:17.0343
2010/10/04 22:17:17.0343 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/04 22:17:17.0343 Product type: Workstation
2010/10/04 22:17:17.0343 ComputerName: FRONTROOM
2010/10/04 22:17:17.0343 UserName: Andy
2010/10/04 22:17:17.0343 Windows directory: E:\WINDOWS
2010/10/04 22:17:17.0343 System windows directory: E:\WINDOWS
2010/10/04 22:17:17.0343 Processor architecture: Intel x86
2010/10/04 22:17:17.0343 Number of processors: 2
2010/10/04 22:17:17.0343 Page size: 0x1000
2010/10/04 22:17:17.0343 Boot type: Normal boot
2010/10/04 22:17:17.0343 ================================================================================
2010/10/04 22:17:17.0921 Initialize success
2010/10/04 22:17:28.0187 ================================================================================
2010/10/04 22:17:28.0187 Scan started
2010/10/04 22:17:28.0187 Mode: Manual;
2010/10/04 22:17:28.0187 ================================================================================
2010/10/04 22:17:47.0015 ================================================================================
2010/10/04 22:17:47.0015 Scan finished
2010/10/04 22:17:47.0015 ================================================================================




Combofix ran in safe mode very quickly.
