Author Topic: need help with spyware  (Read 14115 times)

scorpia

    Topic Starter


    Rookie

    need help with spyware
    « on: July 16, 2010, 06:58:28 AM »
    Hi, I tried to download Malwarebytes' Anti-Malware but it doesn't work, so I added the other two logs. Hope someone can help me solve and remove this spyware from my computer. I also get messages from my ISP that this computer is spamming. Thanks.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:27:42, on 16/07/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Emsisoft\Online Armor\OAcat.exe
    D:\Program Files\Emsisoft\Online Armor\oasrv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\WINDOWS\system32\HPZipm12.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\svchost.exe
    C:\Downloads\Office12\GrooveMonitor.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
    D:\Program Files\PowerISO\PWRISOVM.EXE
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    D:\Program Files\Emsisoft\Online Armor\oaui.exe
    D:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\uTorrent\uTorrent.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\Program Files\Emsisoft\Online Armor\OAhlp.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Skype\Phone\Skype.exe
    D:\Program Files\Skype\Plugin Manager\skypePM.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Mozilla Firefox\plugin-container.exe
    D:\WINDOWS\system32\msiexec.exe
    D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.net-studio.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = search.net-studio.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\DOWNLO~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Downloads\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [VIPv3_Auto_Update] D:\WINDOWS\VIPv3\CheckForUpdates.exe
    O4 - HKLM\..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
    O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [syncman] d:\windows\system32\wuaucldt.exe
    O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Regedit32] D:\WINDOWS\system32\regedit.exe
    O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Emsisoft\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegGenie v2.1 - Trial Expired] "D:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
    O4 - HKCU\..\Run: [RegGenie v2.1] "D:\Program Files\RegGenie\RegGenieOnReboot.exe"
    O4 - HKCU\..\Run: [syncman] d:\documents and settings\user\wuaucldt.exe
    O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe" (User '?')
    O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [Skype] "D:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized (User '?')
    O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [RegGenie v2.1 - Trial Expired] "D:\Program Files\RegGenie\RegGenieOnRebootExpired.exe" (User '?')
    O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [RegGenie v2.1] "D:\Program Files\RegGenie\RegGenieOnReboot.exe" (User '?')
    O4 - HKUS\S-1-5-21-1177238915-1958367476-839522115-1003\..\Run: [syncman] d:\documents and settings\user\wuaucldt.exe (User '?')
    O4 - S-1-5-21-1177238915-1958367476-839522115-1003 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Downloads\Office12\ONENOTEM.EXE (User '?')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Downloads\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\DOWNLO~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\DOWNLO~1\Office12\ONBttnIE.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab
    O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://download09.managerzone.com/soccer-3d/PowerLoader.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261713001484
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275513616437
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\DOWNLO~1\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - D:\WINDOWS\System32\alg.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AutoExNT - Unknown owner - D:\WINDOWS\system32\AutoExNT.Exe
    O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate1ca3bab13fe64a8) (gupdate1ca3bab13fe64a8) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Emsisoft\Online Armor\OAcat.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Emsisoft\Online Armor\oasrv.exe

    --
    End of file - 9163 bytes



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/15/2010 at 08:11 PM

    Application Version : 4.40.1002

    Core Rules Database Version : 5203
    Trace Rules Database Version: 3015

    Scan type       : Complete Scan
    Total Scan Time : 03:52:26

    Memory items scanned      : 566
    Memory threats detected   : 0
    Registry items scanned    : 7493
    Registry threats detected : 23
    File items scanned        : 207963
    File threats detected     : 353

    Trojan.Agent/Gen-FakeAlert
       HKU\S-1-5-21-1177238915-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}
       HKCR\CLSID\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}
       HKCR\CLSID\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}
       HKCR\CLSID\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}\InProcServer32
       HKCR\CLSID\{4727508E-0C9E-FE8C-D9E9-0A1A59A1AEE2}\InProcServer32#ThreadingModel
       D:\WINDOWS\SYSTEM32\P_-DEO.DLL

    Adware.Tracking Cookie
       media.adrevolver.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .statcounter.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       eas21.emediate.eu [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       eas21.emediate.eu [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .goal.adbureau.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       adserve.city-ad.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       *Blocked Russian URL* [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       *Blocked Russian URL* [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .content.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .chitika.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .technoratimedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .99counters.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .videoegg.adbureau.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .myroitracking.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .fastclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .adbrite.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       cache.trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       cache.trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .trafficmp.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       media.scanscout.com [ D:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V32SRW5G ]
       media.y8.com [ D:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V32SRW5G ]
       secure-us.imrworldwide.com [ D:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\V32SRW5G ]
       ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .content.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .azjmp.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .imrworldwide.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .imrworldwide.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .server.cpmstar.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .server.cpmstar.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       server.lon.liveperson.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .atdmt.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       banners.es-facil.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .2o7.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       *Blocked Russian URL* [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       *Blocked Russian URL* [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .collective-media.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .kontera.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .chitika.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       in.getclicky.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .specificclick.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .revsci.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .overture.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .overture.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .premiumonlinemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .premiumonlinemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       www.googleadservices.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       s03.flagcounter.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .invitemedia.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .liveperson.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       fl01.ct2.comclick.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       fl01.ct2.comclick.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       fl01.ct2.comclick.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .msnportal.112.2o7.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .99counters.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       *Blocked Russian URL* [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .tribalfusion.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .myroitracking.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .clicksor.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .clicksor.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .clicksor.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .clicksor.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       p.n.i.cltomedia.info [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       cltomedia.info [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       cltomedia.info [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       cltomedia.info [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .server.cpmstar.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .www.multicounter.de [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       s07.flagcounter.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .doubleclick.net [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       *Blocked Russian URL* [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       ad.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       .content.yieldmanager.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
       statse.webtrendslive.com [ D:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

    Trojan.DNSChanger-Codec
       HKLM\Software\1
       HKLM\Software\1#31AC70412E939D72A9234CDEBB1AF5867B
       HKLM\Software\1#31897356954C2CD3D41B221E3F24F99BBA
       HKLM\Software\1#31C2E1E4D78E6A11B88DFA803456A1FFA5
       HKLM\Software\9
       HKLM\Software\9#31AC70412E939D72A9234CDEBB1AF5867B
       HKLM\Software\9#31897356954C2CD3D41B221E3F24F99BBA
       HKLM\Software\9#31C2E1E4D78E6A11B88DFA803456A1FFA5

    Adware.Flash Tracking Cookie
       D:\Documents and Settings\user\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V32SRW5G\MEDIA.Y8.COM
       D:\Documents and Settings\user\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\V32SRW5G\SECURE-US.IMRWORLDWIDE.COM

    Trojan.Agent/Gen-SSHNAS
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID
       HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc

    Malware.Trace
       D:\WINDOWS\SYSTEM32\H7T.WT
       D:\WINDOWS\SYSTEM32\HGTD.RUY
       HKU\S-1-5-21-1177238915-1958367476-839522115-1003\Software\V71IQL7HI7

    Trojan.Agent/Gen
       C:\DOCUMENTS AND SETTINGS\HOME\LOCAL SETTINGS\TEMP\IZOHORE.BMP

    Trojan.Agent/Gen-Tres[Drop]
       C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\807.EXE

    Trojan.Downloader-Gen/Suspicious
       C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\REMOVEWGA.EXE

    Trojan.Agent/Gen-System
       C:\WINDOWS\SYSTEM32\T.DLL





    [recovering disk space - old attachment deleted by admin]

    Sneakyone

    • Malware Removal Specialist


    • Beginner

      Thanked: 5
      Re: need help with spyware
      « Reply #1 on: July 17, 2010, 10:43:03 PM »
      Hi, Welcome to Computerhope! :)

      Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
      • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
      • Under the Custom Scan box paste this in
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.sys
      %systemroot%\system32\drivers\*.dll
      %systemroot%\system32\drivers\*.ini
      %systemroot%\system32\drivers\*.exe
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.
      %appdata%\*.*
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      disk.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      usbstor.sys
      /md5stop
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
        • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
        • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
      Note: in the event that OTL fails to run, please use alternate download links to try again:

      http://oldtimer.geekstogo.com/OTL.com
      http://oldtimer.geekstogo.com/OTL.scr

      scorpia

        Topic Starter


        Rookie

        Re: need help with spyware
        « Reply #2 on: July 19, 2010, 03:14:05 AM »
        here are the two logs after the scan. thanks for your help



        OTL.Txt

        OTL logfile created on: 19/07/2010 11:49:18 - Run 1
        OTL by OldTimer - Version 3.2.9.1     Folder = D:\Documents and Settings\user\Desktop
        Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
        Internet Explorer (Version = 8.0.6001.18702)
        Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
         
        446.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 13.00% Memory free
        5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
        Paging file location(s): [Binary data over 100 bytes]
         
        %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
        Drive C: | 39.06 Gb Total Space | 0.63 Gb Free Space | 1.61% Space Free | Partition Type: NTFS
        Drive D: | 35.46 Gb Total Space | 1.41 Gb Free Space | 3.97% Space Free | Partition Type: NTFS
        E: Drive not present or media not loaded
        F: Drive not present or media not loaded
        G: Drive not present or media not loaded
        H: Drive not present or media not loaded
        I: Drive not present or media not loaded
         
        Computer Name: HOME
        Current User Name: user
        Logged in as Administrator.
         
        Current Boot Mode: Normal
        Scan Mode: Current user
        Company Name Whitelist: Off
        Skip Microsoft Files: Off
        File Age = 30 Days
        Output = Standard
         
        ========== Processes (SafeList) ==========
         
        PRC - [2010/07/19 11:43:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
        PRC - [2010/07/14 16:06:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
        PRC - [2010/07/07 12:52:58 | 003,065,160 | ---- | M] (Emsi Software GmbH) -- D:\Program Files\Emsisoft\Online Armor\oahlp.exe
        PRC - [2010/07/07 12:52:54 | 006,854,984 | ---- | M] (Emsi Software GmbH) -- D:\Program Files\Emsisoft\Online Armor\oaui.exe
        PRC - [2010/06/28 23:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
        PRC - [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- D:\Program Files\Java\jre6\bin\java.exe
        PRC - [2010/01/08 18:15:32 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe
        PRC - [2009/11/06 22:53:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- D:\Program Files\Common Files\Real\Update_OB\realsched.exe
        PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Contacts\wlcomm.exe
        PRC - [2007/08/09 10:27:52 | 000,073,728 | ---- | M] (HP) -- D:\WINDOWS\system32\HPZipm12.exe
        PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Downloads\Office12\GrooveMonitor.exe
        PRC - [2004/08/04 02:56:50 | 001,402,880 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
         
         
        ========== Modules (SafeList) ==========
         
        MOD - [2010/07/19 11:43:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
        MOD - [2010/07/07 12:52:56 | 000,947,016 | ---- | M] (Emsi Software GmbH) -- D:\Program Files\Emsisoft\Online Armor\oawatch.dll
        MOD - [2005/12/15 08:57:46 | 000,029,184 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\dwmapi.dll
        MOD - [2004/08/04 02:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
        MOD - [2004/08/04 02:56:48 | 000,053,760 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\winsta.dll
        MOD - [2004/08/04 02:56:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
        MOD - [2004/08/04 02:56:48 | 000,018,432 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wtsapi32.dll
        MOD - [2004/08/04 02:56:44 | 000,094,720 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\iphlpapi.dll
        MOD - [2004/08/04 01:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx
         
         
        ========== Win32 Services (SafeList) ==========
         
         
        ========== Driver Services (SafeList) ==========
         
         
        ========== Standard Registry (SafeList) ==========
         
         
        ========== Internet Explorer ==========
         
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.net-studio.org
         
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = search.net-studio.org
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
         
        ========== FireFox ==========
         
        FF - prefs.js..browser.search.defaultenginename: "Search"
        FF - prefs.js..browser.search.defaulturl: "http://gb.iamwired.net/websearch.php?src=tops&search="
        FF - prefs.js..browser.search.selectedEngine: "Search"
        FF - prefs.js..browser.startup.homepage: "www.google.com"
        FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
        FF - prefs.js..extensions.enabledItems: 6
        FF - prefs.js..extensions.enabledItems: 2
        FF - prefs.js..extensions.enabledItems: 48
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
        FF - prefs.js..extensions.enabledItems: [email protected]:1.0
        FF - prefs.js..extensions.enabledItems: {afb88f3b-ee71-b533-8433-2fc6c4aa8937}:4.6.6.9
        FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
        FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.4.1
        FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
        FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
        FF - prefs.js..keyword.URL: "http://gb.iamwired.net/websearch.php?src=tops&search="
        FF - prefs.js..network.proxy.type: 4
         
         
        FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: D:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/07/15 09:53:21 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/07/14 16:06:31 | 000,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
         
        [2009/07/27 22:33:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Extensions
        [2010/07/18 16:42:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions
        [2009/12/06 22:43:09 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{3EB3C1FE-4FED-4ef7-A78C-6616E2521FB5}
        [2009/07/30 01:32:16 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{61511f82-5694-4c77-a030-874128bfa3bf}
        [2009/12/06 22:43:10 | 000,000,000 | ---D | M] (NoScript) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
        [2010/06/15 11:00:06 | 000,000,000 | ---D | M] (IE Tab) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
        [2009/08/22 22:38:12 | 000,000,000 | ---D | M] (TV Center Toolbar) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{a7347e8c-1ca6-469b-951e-4a23c4437935}
        [2010/05/07 13:06:00 | 000,000,000 | ---D | M] (Sothink Flash Downloader) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}
        [2009/12/06 22:43:09 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
        [2009/08/30 23:33:12 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
        [2009/12/06 22:43:08 | 000,000,000 | ---D | M] (DownThemAll!) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
        [2009/11/06 22:52:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
        [2009/07/30 01:26:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
        [2009/07/30 01:32:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
        [2010/07/14 16:13:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
        [2009/12/06 22:43:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\SkipScreen@SkipScreen
        [2010/07/14 16:13:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\staged-xpis
        [2009/08/13 18:49:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
        [2009/12/06 22:43:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
        [2009/07/30 12:04:31 | 000,000,000 | ---D | M] -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\extensions\[email protected]
        [2009/08/31 00:19:52 | 000,002,119 | ---- | M] () -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\searchplugins\MyStart Search.xml
        [2010/05/26 22:03:00 | 000,000,259 | ---- | M] () -- D:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\hpcq695o.default\searchplugins\Search.xml
        [2010/07/18 16:42:55 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
        [2010/05/26 22:04:15 | 000,000,000 | ---D | M] (LoudMo Contextual  Ad Assistant) -- D:\Program Files\Mozilla Firefox\extensions\{afb88f3b-ee71-b533-8433-2fc6c4aa8937}
        [2010/05/23 12:22:21 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
        [2010/07/15 13:53:07 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
        [2010/01/15 12:28:17 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- D:\Program Files\Mozilla Firefox\components\FFComm.dll
        [2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
        [2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\confmgr.dll
        [2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
        [2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
        [2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
        [2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
        [2010/06/22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
        [2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\npicaN.dll
        [2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
         
        O1 HOSTS File: ([2010/07/08 18:01:30 | 000,403,631 | R--- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
        O1 - Hosts: 127.0.0.1   www.007guard.com
        O1 - Hosts: 127.0.0.1   007guard.com
        O1 - Hosts: 127.0.0.1   008i.com
        O1 - Hosts: 127.0.0.1   www.008k.com
        O1 - Hosts: 127.0.0.1   008k.com
        O1 - Hosts: 127.0.0.1   www.00hq.com
        O1 - Hosts: 127.0.0.1   00hq.com
        O1 - Hosts: 127.0.0.1   010402.com
        O1 - Hosts: 127.0.0.1   www.032439.com
        O1 - Hosts: 127.0.0.1   032439.com
        O1 - Hosts: 127.0.0.1   www.0scan.com
        O1 - Hosts: 127.0.0.1   0scan.com
        O1 - Hosts: 127.0.0.1   1000gratisproben.com
        O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
        O1 - Hosts: 127.0.0.1   1001namen.com
        O1 - Hosts: 127.0.0.1   www.1001namen.com
        O1 - Hosts: 127.0.0.1   100888290cs.com
        O1 - Hosts: 127.0.0.1   www.100888290cs.com
        O1 - Hosts: 127.0.0.1   www.100sexlinks.com
        O1 - Hosts: 127.0.0.1   100sexlinks.com
        O1 - Hosts: 127.0.0.1   10sek.com
        O1 - Hosts: 127.0.0.1   www.10sek.com
        O1 - Hosts: 127.0.0.1   www.1-2005-search.com
        O1 - Hosts: 127.0.0.1   1-2005-search.com
        O1 - Hosts: 127.0.0.1   123haustiereundmehr.com
        O1 - Hosts: 13982 more lines...
        O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
        O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Downloads\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
        O4 - HKLM..\Run: [@OnlineArmor GUI] D:\Program Files\Emsisoft\Online Armor\oaui.exe (Emsi Software GmbH)
        O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
        O4 - HKLM..\Run: [GrooveMonitor] C:\Downloads\Office12\GrooveMonitor.exe (Microsoft Corporation)
        O4 - HKLM..\Run: [NSLauncher] D:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe ()
        O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
        O4 - HKLM..\Run: [Regedit32] D:\WINDOWS\System32\regedit.exe File not found
        O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
        O4 - HKLM..\Run: [syncman] D:\WINDOWS\System32\wuaucldt.exe File not found
        O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
        O4 - HKLM..\Run: [UserFaultCheck]  File not found
        O4 - HKLM..\Run: [VIPv3_Auto_Update] D:\WINDOWS\VIPv3\CheckForUpdates.exe ()
        O4 - HKCU..\Run: [RegGenie v2.1] D:\Program Files\RegGenie\RegGenieOnReboot.exe ()
        O4 - HKCU..\Run: [RegGenie v2.1 - Trial Expired] D:\Program Files\RegGenie\RegGenieOnRebootExpired.exe ()
        O4 - HKCU..\Run: [syncman] d:\documents and settings\user\wuaucldt.exe File not found
        O4 - HKCU..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
        O4 - Startup: D:\Documents and Settings\user\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Downloads\Office12\ONENOTEM.EXE (Microsoft Corporation)
        O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Downloads\Office12\ONBttnIE.dll (Microsoft Corporation)
        O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Downloads\Office12\ONBttnIE.dll (Microsoft Corporation)
        O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab (DLM Control)
        O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://download09.managerzone.com/soccer-3d/PowerLoader.cab (PowerLoader Class)
        O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261713001484 (WUWebControl Class)
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275513616437 (MUWebControl Class)
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
        O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
        O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
        O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
        O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Downloads\Office12\GrooveSystemServices.dll (Microsoft Corporation)
        O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
        O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
        O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
        O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
        O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
        O18 - Protocol\Handler\x-mem1 {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - D:\WINDOWS\system32\wowctl2.dll (EzTools Software)
        O18 - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - D:\WINDOWS\system32\eztoolslib2.dll ()
        O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
        O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - D:\WINDOWS\system32\hsppp.dll (EzTools Software)
        O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
        O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
        O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
        O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
        O24 - Desktop WallPaper: D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O24 - Desktop BackupWallPaper: D:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - D:\Program Files\Emsisoft\Online Armor\oaevent.dll (Emsi Software GmbH)
        O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Downloads\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
        O32 - HKLM CDRom: AutoRun - 1
        O32 - AutoRun File - [2009/07/26 10:46:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
        O33 - MountPoints2\{36a42a8f-bb3c-11de-8aac-101111111111}\Shell - "" = AutoRun
        O33 - MountPoints2\{36a42a8f-bb3c-11de-8aac-101111111111}\Shell\AutoRun - "" = Auto&Play
        O33 - MountPoints2\{d4ff65b0-b544-11de-8aa7-101111111111}\Shell - "" = AutoRun
        O33 - MountPoints2\{d4ff65b0-b544-11de-8aa7-101111111111}\Shell\AutoRun - "" = Auto&Play
        O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
        O35 - HKLM\..comfile [open] -- "%1" %*
        O35 - HKLM\..exefile [open] -- "%1" %*
        O37 - HKLM\...com [@ = comfile] -- "%1" %*
        O37 - HKLM\...exe [@ = exefile] -- "%1" %*
         
        NetSvcs: 6to4 -  File not found
        NetSvcs: Ias -  File not found
        NetSvcs: Iprip -  File not found
        NetSvcs: Irmon -  File not found
        NetSvcs: NWCWorkstation -  File not found
        NetSvcs: Nwsapagent -  File not found
        NetSvcs: WmdmPmSp -  File not found
        NetSvcs: SSHNAS -  File not found
         
         
        SafeBootMin: Base - Driver Group
        SafeBootMin: Boot Bus Extender - Driver Group
        SafeBootMin: Boot file system - Driver Group
        SafeBootMin: File system - Driver Group
        SafeBootMin: Filter - Driver Group
        SafeBootMin: PCI Configuration - Driver Group
        SafeBootMin: PNP Filter - Driver Group
        SafeBootMin: Primary disk - Driver Group
        SafeBootMin: SCSI Class - Driver Group
        SafeBootMin: sermouse.sys - Driver
        SafeBootMin: System Bus Extender - Driver Group
        SafeBootMin: vga.sys - Driver
        SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
         
        SafeBootNet: Base - Driver Group
        SafeBootNet: Boot Bus Extender - Driver Group
        SafeBootNet: Boot file system - Driver Group
        SafeBootNet: File system - Driver Group
        SafeBootNet: Filter - Driver Group
        SafeBootNet: NDIS Wrapper - Driver Group
        SafeBootNet: NetBIOSGroup - Driver Group
        SafeBootNet: NetDDEGroup - Driver Group
        SafeBootNet: Network - Driver Group
        SafeBootNet: NetworkProvider - Driver Group
        SafeBootNet: PCI Configuration - Driver Group
        SafeBootNet: PNP Filter - Driver Group
        SafeBootNet: PNP_TDI - Driver Group
        SafeBootNet: Primary disk - Driver Group
        SafeBootNet: SCSI Class - Driver Group
        SafeBootNet: sermouse.sys - Driver
        SafeBootNet: Streams Drivers - Driver Group
        SafeBootNet: System Bus Extender - Driver Group
        SafeBootNet: TDI - Driver Group
        SafeBootNet: vga.sys - Driver
        SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
        SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
        SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
        SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
        SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
        SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
        SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
        SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
        SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
        SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
        SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
        SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
        SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
        SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
        SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
        SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
        SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
         
        ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
        ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
        ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
        ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
        ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
        ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
        ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
        ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
        ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
        ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
        ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
        ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
        ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
        ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
        ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
        ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
        ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
        ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
        ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
        ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
        ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
        ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
        ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
        ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
        ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
        ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
        ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
        ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
        ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
        ActiveX: {B0087AEE-2CA7-4296-B0C3-663AA619DF1B} - Google Toolbar for Internet Explorer 8
        ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
        ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
        ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
        ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
        ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
        ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
        ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
        ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
        ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
        ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
        ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
        ActiveX: >{41F02982-7E09-474B-AD97-649739052445} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
        ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
         
        Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
        Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
        Drivers32: msacm.siren - D:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
        Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
        Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
        Drivers32: MSVideo8 - VfWWDM32.dll File not found
        Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
        Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
        Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
        Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
        Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
         
        ========== Files/Folders - Created Within 30 Days ==========
         
        [2010/07/19 11:43:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
        [2010/07/17 22:48:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Desktop\installs
        [2010/07/16 15:01:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
        [2010/07/16 15:01:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
        [2010/07/16 15:01:17 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
        [2010/07/16 12:24:49 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
        [2010/07/15 21:20:25 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Skype
        [2010/07/15 13:53:47 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
        [2010/07/15 13:53:04 | 000,153,376 | ---- | C] (Oracle) -- D:\WINDOWS\System32\javaws.exe
        [2010/07/15 13:53:04 | 000,145,184 | ---- | C] (Oracle) -- D:\WINDOWS\System32\javaw.exe
        [2010/07/15 13:53:04 | 000,145,184 | ---- | C] (Oracle) -- D:\WINDOWS\System32\java.exe
        [2010/07/15 13:32:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
        [2010/07/15 13:32:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
        [2010/07/15 13:32:10 | 000,000,000 | ---D | C] -- D:\Program Files\SUPERAntiSpyware
        [2010/07/15 09:06:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\OnlineArmor
        [2010/07/15 09:06:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\OnlineArmor
        [2010/07/15 09:00:52 | 000,236,104 | ---- | C] (Emsisoft) -- D:\WINDOWS\System32\drivers\OADriver.sys
        [2010/07/15 09:00:52 | 000,028,232 | ---- | C] (Emsisoft) -- D:\WINDOWS\System32\drivers\OAnet.sys
        [2010/07/15 09:00:52 | 000,022,600 | ---- | C] (Emsisoft) -- D:\WINDOWS\System32\drivers\OAmon.sys
        [2010/07/15 09:00:40 | 000,000,000 | ---D | C] -- D:\Program Files\Emsisoft
        [2010/07/15 08:47:08 | 000,017,744 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
        [2010/07/15 08:47:07 | 000,165,456 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
        [2010/07/15 08:47:06 | 000,023,376 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
        [2010/07/15 08:47:04 | 000,046,672 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
        [2010/07/15 08:47:00 | 000,100,176 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
        [2010/07/15 08:47:00 | 000,094,544 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
        [2010/07/15 08:46:57 | 000,028,880 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
        [2010/07/15 08:46:14 | 000,038,848 | ---- | C] (ALWIL Software) -- D:\WINDOWS\avastSS.scr
        [2010/07/15 08:46:12 | 000,165,032 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
        [2010/07/15 08:45:48 | 000,000,000 | ---D | C] -- D:\Program Files\Alwil Software
        [2010/07/15 08:45:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
        [2010/07/09 22:42:33 | 000,397,312 | ---- | C] (Proland Software) -- D:\Documents and Settings\user\Desktop\cleantibs.exe
        [2010/07/08 20:05:28 | 000,000,000 | ---D | C] -- D:\Program Files\CyberDefender
        [2010/07/08 19:56:41 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Desktop\RegGenie.v2.0.Incl.Keygen
        [2010/07/08 19:38:12 | 000,000,000 | ---D | C] -- D:\Program Files\RegGenie
        [2010/07/04 11:20:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TrackMania
        [2010/07/04 11:17:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\My Documents\TrackMania
        [2010/07/04 11:01:14 | 000,000,000 | ---D | C] -- D:\Program Files\TmNationsForever
        [2010/06/29 13:25:08 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\user\Recent
        [2010/06/29 13:20:49 | 000,000,000 | ---D | C] -- D:\Program Files\CCleaner
        [2010/06/29 11:26:16 | 000,000,000 | ---D | C] -- D:\WINDOWS\speech
        [2010/06/29 11:20:30 | 000,000,000 | ---D | C] -- D:\Program Files\Golden Al-Wafi Translator
        [2010/06/29 11:18:07 | 000,172,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\Setup1.exe
        [2010/06/29 11:17:45 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\ST6UNST.EXE
        [2010/06/29 10:43:55 | 000,042,000 | ---- | C] (CACE Technologies) -- D:\WINDOWS\System32\drivers\npf.sys
        [2010/06/27 14:52:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NexonEU
        [2010/06/27 11:26:49 | 000,000,000 | ---D | C] -- D:\Download
        [2010/06/27 11:00:27 | 000,000,000 | ---D | C] -- D:\Nexon
        [2010/06/27 10:59:35 | 000,421,888 | ---- | C] (NEXON Inc.) -- D:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
        [2010/06/23 23:54:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\user\Application Data\PowerChallenge
        [2010/05/29 13:36:42 | 000,018,944 | ---- | C] ( ) -- D:\WINDOWS\System32\Implode.dll
        [2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
         
        ========== Files - Modified Within 30 Days ==========
         
        [2010/07/19 11:43:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\user\Desktop\OTL.exe
        [2010/07/19 11:13:03 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
        [2010/07/19 04:13:01 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
        [2010/07/18 06:40:35 | 000,252,564 | ---- | M] () -- D:\Documents and Settings\user\Desktop\FHSetup.exe
        [2010/07/17 23:06:28 | 000,000,298 | -HS- | M] () -- D:\WINDOWS\tasks\QNGLVAECT.job
        [2010/07/17 23:06:28 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
        [2010/07/17 23:06:01 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
        [2010/07/17 22:16:02 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
        [2010/07/17 22:04:27 | 010,747,904 | -H-- | M] () -- D:\Documents and Settings\user\NTUSER.DAT
        [2010/07/17 22:04:27 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\user\ntuser.ini
        [2010/07/16 15:01:57 | 000,000,706 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
        [2010/07/16 12:25:31 | 000,002,445 | ---- | M] () -- D:\Documents and Settings\user\Desktop\HiJackThis.lnk
        [2010/07/15 16:56:13 | 001,402,880 | ---- | M] () -- D:\Documents and Settings\user\Desktop\HiJackThis.msi
        [2010/07/15 13:32:14 | 000,001,688 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
        [2010/07/15 09:04:56 | 000,437,878 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
        [2010/07/15 09:04:55 | 000,069,808 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
        [2010/07/15 08:47:10 | 000,001,710 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
        [2010/07/15 08:47:02 | 000,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
        [2010/07/13 11:37:10 | 000,001,739 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
        [2010/07/09 22:42:37 | 000,397,312 | ---- | M] (Proland Software) -- D:\Documents and Settings\user\Desktop\cleantibs.exe
        [2010/07/09 17:57:41 | 000,021,504 | ---- | M] () -- D:\WINDOWS\System32\ff4h.gy
        [2010/07/09 01:16:16 | 000,329,888 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
        [2010/07/08 19:58:51 | 000,083,976 | ---- | M] () -- D:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        [2010/07/08 19:38:22 | 000,000,710 | ---- | M] () -- D:\Documents and Settings\user\Desktop\RegGenie.lnk
        [2010/07/08 18:01:30 | 000,403,631 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
        [2010/07/07 12:25:58 | 000,022,600 | ---- | M] (Emsisoft) -- D:\WINDOWS\System32\drivers\OAmon.sys
        [2010/07/07 12:25:42 | 000,028,232 | ---- | M] (Emsisoft) -- D:\WINDOWS\System32\drivers\OAnet.sys
        [2010/07/07 12:25:38 | 000,236,104 | ---- | M] (Emsisoft) -- D:\WINDOWS\System32\drivers\OADriver.sys
        [2010/07/06 12:42:14 | 000,000,001 | ---- | M] () -- D:\Documents and Settings\user\oashdihasidhasuidhiasdhiashdiuasdhasd
        [2010/07/04 11:31:04 | 000,010,142 | ---- | M] () -- D:\Documents and Settings\user\Desktop\New Microsoft Office Word Document (2).docx
        [2010/07/01 18:16:08 | 000,000,214 | ---- | M] () -- D:\WINDOWS\HP_48BitScanUpdatePatch.ini
        [2010/06/29 13:28:32 | 000,001,070 | ---- | M] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132829.reg
        [2010/06/29 13:28:10 | 000,005,400 | ---- | M] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132805.reg
        [2010/06/29 13:27:38 | 000,303,382 | ---- | M] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132710.reg
        [2010/06/29 13:21:01 | 000,001,558 | ---- | M] () -- D:\Documents and Settings\user\Desktop\CCleaner.lnk
        [2010/06/29 12:28:37 | 000,000,655 | ---- | M] () -- D:\WINDOWS\wafi2000.ini
        [2010/06/29 11:59:29 | 000,001,555 | ---- | M] () -- D:\WINDOWS\ata live update.ini
        [2010/06/29 11:18:07 | 000,172,032 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\Setup1.exe
        [2010/06/29 11:17:45 | 000,073,216 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\ST6UNST.EXE
        [2010/06/28 23:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- D:\WINDOWS\avastSS.scr
        [2010/06/28 23:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
        [2010/06/28 23:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
        [2010/06/28 23:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
        [2010/06/28 23:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
        [2010/06/28 23:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
        [2010/06/28 23:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
        [2010/06/28 23:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
        [2010/06/28 23:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
        [2010/06/28 11:33:53 | 000,000,004 | ---- | M] () -- D:\Documents and Settings\user\proxy_port
        [2010/06/27 10:59:37 | 000,421,888 | ---- | M] (NEXON Inc.) -- D:\WINDOWS\NEXON_EU_DownloaderUpdater.exe
        [2010/06/22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- D:\WINDOWS\System32\javaws.exe
        [2010/06/22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- D:\WINDOWS\System32\javaw.exe
        [2010/06/22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- D:\WINDOWS\System32\java.exe
        [2010/06/22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- D:\WINDOWS\System32\deployJava1.dll
        [2010/06/22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- D:\WINDOWS\System32\javacpl.cpl
        [2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
         
        ========== Files Created - No Company Name ==========
         
        [2010/07/18 06:40:26 | 000,252,564 | ---- | C] () -- D:\Documents and Settings\user\Desktop\FHSetup.exe
        [2010/07/16 15:01:57 | 000,000,706 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
        [2010/07/16 12:24:55 | 000,002,445 | ---- | C] () -- D:\Documents and Settings\user\Desktop\HiJackThis.lnk
        [2010/07/15 16:55:47 | 001,402,880 | ---- | C] () -- D:\Documents and Settings\user\Desktop\HiJackThis.msi
        [2010/07/15 13:32:14 | 000,001,688 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
        [2010/07/15 08:47:10 | 000,001,710 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
        [2010/07/15 07:55:42 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\Startup.cpl
        [2010/07/08 19:38:22 | 000,000,710 | ---- | C] () -- D:\Documents and Settings\user\Desktop\RegGenie.lnk
        [2010/07/08 14:39:51 | 000,021,504 | ---- | C] () -- D:\WINDOWS\System32\ff4h.gy
        [2010/07/04 11:29:14 | 000,010,142 | ---- | C] () -- D:\Documents and Settings\user\Desktop\New Microsoft Office Word Document (2).docx
        [2010/07/01 18:16:08 | 000,002,101 | ---- | C] () -- D:\Documents and Settings\user\Application Data\HPSU_48BitScanUpdate.log
        [2010/07/01 18:16:08 | 000,000,214 | ---- | C] () -- D:\WINDOWS\HP_48BitScanUpdatePatch.ini
        [2010/06/29 13:28:31 | 000,001,070 | ---- | C] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132829.reg
        [2010/06/29 13:28:08 | 000,005,400 | ---- | C] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132805.reg
        [2010/06/29 13:27:16 | 000,303,382 | ---- | C] () -- D:\Documents and Settings\user\My Documents\cc_20100629_132710.reg
        [2010/06/29 13:21:00 | 000,001,558 | ---- | C] () -- D:\Documents and Settings\user\Desktop\CCleaner.lnk
        [2010/06/29 11:59:29 | 000,001,555 | ---- | C] () -- D:\WINDOWS\ata live update.ini
        [2010/06/28 11:33:53 | 000,000,004 | ---- | C] () -- D:\Documents and Settings\user\proxy_port
        [2010/06/02 23:38:44 | 000,123,614 | ---- | C] () -- D:\WINDOWS\System32\drivers\NVCAP.SYS
        [2010/05/31 12:02:50 | 000,151,552 | ---- | C] () -- D:\WINDOWS\System32\nvRegDev.dll
        [2010/05/30 23:51:18 | 000,182,275 | ---- | C] () -- D:\WINDOWS\System32\d3d10core.dll
        [2010/05/30 23:51:18 | 000,124,931 | ---- | C] () -- D:\WINDOWS\System32\dxgi.dll
        [2010/05/30 23:51:16 | 000,376,832 | ---- | C] () -- D:\WINDOWS\System32\M2000Twn.dll
        [2010/05/30 23:51:16 | 000,169,984 | ---- | C] () -- D:\WINDOWS\System32\glut32.dll
        [2010/05/30 23:51:16 | 000,169,984 | ---- | C] () -- D:\WINDOWS\System32\glut.dll
        [2010/05/30 23:51:09 | 000,073,728 | ---- | C] () -- D:\WINDOWS\System32\CompressATI2.dll
        [2010/05/29 13:36:48 | 000,864,256 | ---- | C] () -- D:\WINDOWS\System32\PGPDLL.dll
        [2010/05/29 13:36:46 | 000,354,056 | ---- | C] () -- D:\WINDOWS\System32\Rivet200.dll
        [2010/05/29 13:36:44 | 000,700,416 | ---- | C] () -- D:\WINDOWS\System32\eztoolslib2.dll
        [2010/05/29 13:36:43 | 000,167,936 | ---- | C] () -- D:\WINDOWS\System32\DirWatcher.dll
        [2010/05/29 13:36:43 | 000,159,744 | ---- | C] () -- D:\WINDOWS\System32\AESCrypt.dll
        [2009/12/26 15:46:47 | 000,000,221 | ---- | C] () -- D:\WINDOWS\HP_RedboxHprblog_HPSU.ini
        [2009/12/20 06:11:36 | 000,000,666 | ---- | C] () -- D:\WINDOWS\VisualTooltip.ini
        [2009/09/30 13:21:00 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
        [2009/09/18 13:12:41 | 007,770,095 | ---- | C] () -- D:\WINDOWS\System32\VIPv3_EXT.dll
        [2009/09/18 13:12:29 | 000,000,096 | ---- | C] () -- D:\WINDOWS\docs.ini
        [2009/08/17 11:18:43 | 000,013,304 | ---- | C] () -- D:\WINDOWS\System32\drivers\BTNetFilter.sys
        [2009/08/14 13:30:50 | 000,002,320 | ---- | C] () -- D:\WINDOWS\System32\Servmess.dll
        [2009/08/12 12:58:49 | 000,011,860 | ---- | C] () -- D:\WINDOWS\System32\drivers\vbtenum.sys
        [2008/12/07 12:44:54 | 000,030,088 | ---- | C] () -- D:\WINDOWS\System32\drivers\btnetBus.sys
        [2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- D:\WINDOWS\System32\CddbCdda.dll
        [2004/07/17 13:36:38 | 000,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys
        [2001/12/18 11:10:40 | 000,000,655 | ---- | C] () -- D:\WINDOWS\wafi2000.ini
        [2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- D:\WINDOWS\System32\hptcpmon.ini
         
        ========== Custom Scans ==========
         
         
        < %systemroot%\*. /mp /s >
         
        < %systemroot%\system32\*.dll /lockedfiles >
        [2 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
         
        < %systemroot%\system32\*.exe /lockedfiles >
        [2 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
         
        < %systemroot%\Tasks\*.job /lockedfiles >
        [2010/07/19 04:13:01 | 000,000,882 | ---- | M] () Unable to obtain MD5 -- D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
        [2010/07/19 11:13:03 | 000,000,886 | ---- | M] () Unable to obtain MD5 -- D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
        [2010/07/17 23:06:28 | 000,000,298 | -HS- | M] () Unable to obtain MD5 -- D:\WINDOWS\Tasks\QNGLVAECT.job
         
        < %systemroot%\system32\drivers\*.sys /lockedfiles >
         
        < %systemroot%\System32\config\*.sav >
        [2009/07/26 13:25:46 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
        [2009/07/26 13:25:45 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
        [2009/07/26 13:25:45 | 000,888,832 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav
         
        < %systemroot%\system32\*.sys >
        [2001/08/23 18:00:00 | 000,009,029 | ---- | M] () -- D:\WINDOWS\system32\ansi.sys
        [2001/08/23 18:00:00 | 000,027,097 | ---- | M] () -- D:\WINDOWS\system32\country.sys
        [2001/08/23 18:00:00 | 000,004,768 | ---- | M] () -- D:\WINDOWS\system32\himem.sys
        [2001/08/23 18:00:00 | 000,042,809 | ---- | M] () -- D:\WINDOWS\system32\key01.sys
        [2004/08/04 00:46:56 | 000,042,537 | ---- | M] () -- D:\WINDOWS\system32\keyboard.sys
        [2001/08/23 18:00:00 | 000,027,866 | ---- | M] () -- D:\WINDOWS\system32\ntdos.sys
        [2001/08/23 18:00:00 | 000,029,146 | ---- | M] () -- D:\WINDOWS\system32\ntdos404.sys
        [2001/08/23 18:00:00 | 000,029,370 | ---- | M] () -- D:\WINDOWS\system32\ntdos411.sys
        [2001/08/23 18:00:00 | 000,029,274 | ---- | M] () -- D:\WINDOWS\system32\ntdos412.sys
        [2001/08/23 18:00:00 | 000,029,146 | ---- | M] () -- D:\WINDOWS\system32\ntdos804.sys
        [2004/08/04 00:45:10 | 000,033,840 | ---- | M] () -- D:\WINDOWS\system32\ntio.sys
        [2004/08/04 00:45:16 | 000,034,560 | ---- | M] () -- D:\WINDOWS\system32\ntio404.sys
        [2004/08/04 00:45:12 | 000,035,648 | ---- | M] () -- D:\WINDOWS\system32\ntio411.sys
        [2004/08/04 00:45:16 | 000,035,424 | ---- | M] () -- D:\WINDOWS\system32\ntio412.sys
        [2004/08/04 00:45:14 | 000,034,560 | ---- | M] () -- D:\WINDOWS\system32\ntio804.sys
        [2004/08/04 01:07:34 | 000,017,664 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\watchdog.sys
        [2004/08/04 01:17:42 | 001,835,904 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\win32k.sys
        [2 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]
         
        < %systemroot%\system32\drivers\*.dll >
        [2010/02/11 07:19:08 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- D:\WINDOWS\system32\drivers\ati2erec.dll
        [2002/09/18 02:11:02 | 000,077,824 | R--- | M] (Socket Communications Inc.) -- D:\WINDOWS\system32\drivers\SioUi2k.dll
        [2004/08/04 00:56:48 | 000,053,760 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\vfwwdm32.dll
         
        < %systemroot%\system32\drivers\*.ini >
         
        < %systemroot%\system32\drivers\*.exe >
        [2002/09/23 02:30:48 | 000,040,960 | R--- | M] (Socket Communications Inc.) -- D:\WINDOWS\system32\drivers\SCTray.exe
         
        < %SYSTEMDRIVE%\*.* >
        [2007/07/31 21:18:42 | 000,233,839 | ---- | M] () -- D:\               .zip
        [2007/12/10 21:33:07 | 000,000,000 | ---- | M] () -- D:\03767.3gp
        [2007/12/09 13:43:55 | 000,000,020 | ---- | M] () -- D:\24492.3gp
        [2007/12/10 21:33:32 | 000,000,000 | ---- | M] () -- D:\28934.3gp
        [2007/12/10 21:33:28 | 000,000,000 | ---- | M] () -- D:\30798.3gp
        [2007/12/09 13:42:50 | 000,000,020 | ---- | M] () -- D:\61530.3gp
        [2007/12/10 21:33:24 | 001,384,975 | ---- | M] () -- D:\63118.3gp
        [2007/12/10 21:33:12 | 000,000,000 | ---- | M] () -- D:\67351.3gp
        [2007/12/10 21:33:00 | 000,000,000 | ---- | M] () -- D:\67888.3gp
        [2008/10/31 20:40:30 | 001,788,826 | ---- | M] () -- D:\apQuran.rar
        [1994/09/05 00:59:54 | 000,075,290 | ---- | M] () -- D:\BACK_W.WAV
        [2007/06/07 19:32:34 | 000,000,064 | ---- | M] () -- D:\BC31CASE.INI
        [2010/01/15 11:10:19 | 000,137,972 | ---- | M] () -- D:\BdUninstallTool2010.01.15-11.09.35.log
        [2010/01/15 11:10:19 | 000,000,038 | ---- | M] () -- D:\BdUninstallTool2010.01.15-11.09.35.reg
        [2008/08/14 16:58:37 | 000,098,304 | ---- | M] () -- D:\BK02.BOK
        [2008/08/14 16:58:37 | 000,000,128 | ---- | M] () -- D:\BK02.ldb
        [2007/08/18 19:56:27 | 002,841,600 | ---- | M] () -- D:\clinic.doc
        [1999/09/05 17:01:54 | 000,162,326 | ---- | M] () -- D:\clock.wav
        [2007/03/19 22:04:34 | 000,016,826 | -H-- | M] () -- D:\COD001OU.GID
        [1999/06/23 13:13:30 | 000,604,538 | ---- | M] () -- D:\eff01.avi
        [1999/06/23 12:23:56 | 000,273,558 | ---- | M] () -- D:\eff02.avi
        [1999/06/23 12:36:34 | 000,098,218 | ---- | M] () -- D:\eff03.avi
        [1999/06/23 12:43:16 | 000,104,456 | ---- | M] () -- D:\eff04.avi
        [1999/06/23 12:47:14 | 000,085,920 | ---- | M] () -- D:\eff05.avi
        [1999/06/23 12:53:26 | 000,106,074 | ---- | M] () -- D:\eff06.avi
        [1999/06/23 12:58:22 | 000,289,972 | ---- | M] () -- D:\eff07.avi
        [1999/06/23 13:27:22 | 000,030,780 | ---- | M] () -- D:\eff08.avi
        [1999/06/23 13:43:34 | 000,087,956 | ---- | M] () -- D:\eff09.avi
        [1999/06/23 13:48:44 | 000,137,152 | ---- | M] () -- D:\eff10.avi
        [1999/06/29 13:58:22 | 000,044,926 | ---- | M] () -- D:\eff11.avi
        [2002/02/19 13:28:26 | 000,001,988 | ---- | M] () -- D:\EXIT.GIF
        [2002/02/19 13:28:40 | 000,002,005 | ---- | M] () -- D:\EXIT1.GIF
        [1999/09/08 12:43:00 | 000,057,654 | ---- | M] () -- D:\finish.bmp
        [2008/03/28 09:19:44 | 000,340,992 | ---- | M] () -- D:\game.doc
        [2008/08/14 16:58:13 | 000,000,064 | ---- | M] () -- D:\GAMES_01.ldb
        [2008/08/14 16:58:13 | 000,688,128 | ---- | M] () -- D:\GAMES_01.MDB
        [2008/01/02 11:11:36 | 000,110,080 | ---- | M] () -- D:\generals.doc
        [1999/10/01 01:18:22 | 000,007,350 | ---- | M] () -- D:\HELP.TXT
        [2008/10/31 20:52:55 | 000,423,515 | ---- | M] () -- D:\hqmp3.zip
        [2008/10/16 22:54:53 | 002,587,728 | ---- | M] () -- D:\ica32t.exe
        [2009/02/22 22:15:26 | 001,211,904 | ---- | M] () -- D:\ict.doc
        [2010/07/16 22:29:52 | 000,012,145 | ---- | M] () -- D:\JavaRa.log
        [1999/08/31 16:27:18 | 002,409,486 | ---- | M] () -- D:\join_snd.wav
        [1999/09/04 16:07:22 | 000,485,182 | ---- | M] () -- D:\let_wav.wav
        [1999/06/05 13:17:20 | 000,057,654 | ---- | M] () -- D:\L_E.BMP
        [2009/06/08 07:37:32 | 025,740,144 | ---- | M] () -- D:\m1.exe
        [2003/03/10 16:49:00 | 000,940,544 | ---- | M] () -- D:\MAALEM.DOC
        [2005/09/06 18:39:54 | 001,019,904 | ---- | M] (NIPPON INSTRUMENTS) -- D:\Md.exe
        [2002/02/19 13:32:18 | 000,016,260 | ---- | M] () -- D:\NAME.GIF
        [2008/10/06 10:35:54 | 000,290,304 | ---- | M] () -- D:\New Microsoft Word Document.doc
        [1999/03/01 10:42:02 | 000,412,693 | ---- | M] () -- D:\NIC.HLP
        [1999/09/04 16:05:54 | 000,430,590 | ---- | M] () -- D:\num_wav.wav
        [2010/07/17 23:05:54 | 4194,304,000 | -HS- | M] () -- D:\pagefile.sys
        [2002/02/19 13:36:24 | 000,001,292 | ---- | M] () -- D:\PAUSE.GIF
        [2002/02/19 13:37:20 | 000,001,279 | ---- | M] () -- D:\PAUSE1.GIF
        [2002/02/19 13:38:56 | 000,001,371 | ---- | M] () -- D:\PLAY.GIF
        [2002/02/19 13:39:20 | 000,001,372 | ---- | M] () -- D:\PLAY1.GIF
        [1999/07/17 16:24:04 | 000,020,238 | ---- | M] () -- D:\qrn_back.bmp
        [2008/10/31 21:18:52 | 016,145,083 | ---- | M] () -- D:\QuranSetup1.exe
        [2005/04/21 00:41:04 | 001,478,656 | ---- | M] (و يرزقه من حيث لا يحتسب) -- D:\Quran_CD5.exe
        [2007/05/10 16:24:03 | 006,952,448 | ---- | M] () -- D:\Scrap.shs
        [2009/07/24 01:07:41 | 000,000,000 | ---- | M] () -- D:\sdsetup.exe
        [2003/07/29 09:38:28 | 166,326,409 | ---- | M] (Indigo Rose Corporation http://www.indigorose.com) -- D:\setup.exe
        [2009/07/24 01:10:34 | 004,930,976 | ---- | M] () -- D:\spv41.zip
        [2008/03/04 21:29:14 | 000,008,146 | ---- | M] () -- D:\ST5UNST.LOG
        [2007/10/26 06:21:32 | 000,004,199 | ---- | M] () -- D:\ST6UNST.LOG
        [2002/02/19 13:40:14 | 000,001,382 | ---- | M] () -- D:\STOP.GIF
        [2002/02/19 13:40:38 | 000,001,383 | ---- | M] () -- D:\STOP1.GIF
        [1999/08/30 12:55:16 | 000,080,972 | ---- | M] () -- D:\TASFEEK.WAV
        [2007/10/20 06:16:55 | 000,060,928 | ---- | M] () -- D:\Title and backgrounds[1].doc
        [2009/02/28 22:33:17 | 000,026,624 | ---- | M] () -- D:\To dedicate to those diverse deities.doc
        [2008/01/02 11:14:47 | 000,009,378 | ---- | M] () -- D:\untitled.bmp
        [1999/09/05 17:05:10 | 000,296,358 | ---- | M] () -- D:\wait_s.wav
        [2009/02/28 16:06:59 | 007,803,496 | ---- | M] () -- D:\wordweb5.exe
        [2005/04/20 17:33:52 | 006,955,008 | ---- | M] () -- D:\ZI112.GIF
        [2009/02/28 22:33:17 | 000,000,162 | -H-- | M] () -- D:\~$ dedicate to those diverse deities.doc
         
        < %PROGRAMFILES%\*. >
        [2010/06/09 21:59:45 | 000,000,000 | ---D | M] -- D:\Program Files\A-PDF Password Security
        [2010/06/09 22:31:17 | 000,000,000 | ---D | M] -- D:\Program Files\A-PDF Restrictions Remover
        [2010/05/01 17:15:48 | 000,000,000 | ---D | M] -- D:\Program Files\Adobe
        [2010/06/29 12:40:09 | 000,000,000 | ---D | M] -- D:\Program Files\Advanced Registry Optimizer
        [2010/07/15 08:45:48 | 000,000,000 | ---D | M] -- D:\Program Files\Alwil Software
        [2009/07/28 11:51:36 | 000,000,000 | ---D | M] -- D:\Program Files\AskBarDis
        [2010/06/03 07:29:46 | 000,000,000 | ---D | M] -- D:\Program Files\ASTRA32
        [2010/06/19 08:23:36 | 000,000,000 | ---D | M] -- D:\Program Files\ATI Technologies
        [2010/01/15 11:20:06 | 000,000,000 | ---D | M] -- D:\Program Files\BitDefender
        [2006/04/25 20:48:29 | 000,000,000 | ---D | M] -- D:\Program Files\Business Objects
        [2010/06/29 13:21:01 | 000,000,000 | ---D | M] -- D:\Program Files\CCleaner
        [2009/10/09 09:36:11 | 000,000,000 | ---D | M] -- D:\Program Files\Citrix
        [2009/09/30 17:24:06 | 000,000,000 | ---D | M] -- D:\Program Files\Click-2U
        [2010/07/15 21:20:25 | 000,000,000 | ---D | M] -- D:\Program Files\Common Files
        [2009/07/26 10:41:36 | 000,000,000 | ---D | M] -- D:\Program Files\ComPlus Applications
        [2010/07/08 20:05:28 | 000,000,000 | ---D | M] -- D:\Program Files\CyberDefender
        [2009/12/26 09:21:39 | 000,000,000 | ---D | M] -- D:\Program Files\Daydream Software
        [2010/05/01 20:32:00 | 000,000,000 | ---D | M] -- D:\Program Files\DDC Testing Center v3
        [2009/09/25 15:25:17 | 000,000,000 | ---D | M] -- D:\Program Files\DIFX
        [2010/05/31 09:38:23 | 000,000,000 | ---D | M] -- D:\Program Files\directx
        [2009/08/07 17:15:56 | 000,000,000 | ---D | M] -- D:\Program Files\DivX
        [2010/06/02 23:05:49 | 000,000,000 | ---D | M] -- D:\Program Files\Driver Checker
        [2010/07/15 09:00:40 | 000,000,000 | ---D | M] -- D:\Program Files\Emsisoft
        [2010/06/29 12:26:05 | 000,000,000 | ---D | M] -- D:\Program Files\Golden Al-Wafi Translator
        [2010/06/02 23:07:45 | 000,000,000 | ---D | M] -- D:\Program Files\Google
        [2009/08/22 23:38:36 | 000,000,000 | ---D | M] -- D:\Program Files\GuidedWays
        [2009/12/26 15:42:06 | 000,000,000 | ---D | M] -- D:\Program Files\HP
        [2010/06/29 13:04:59 | 000,000,000 | -H-D | M] -- D:\Program Files\InstallShield Installation Information
        [2009/08/20 17:25:27 | 000,000,000 | ---D | M] -- D:\Program Files\Internet Explorer
        [2010/07/15 13:52:58 | 000,000,000 | ---D | M] -- D:\Program Files\Java
        [2009/08/20 16:43:02 | 000,000,000 | ---D | M] -- D:\Program Files\jre
        [2010/05/30 23:51:09 | 000,000,000 | ---D | M] -- D:\Program Files\KM-Software
        [2010/07/16 15:12:06 | 000,000,000 | ---D | M] -- D:\Program Files\Malwarebytes' Anti-Malware
        [2009/07/26 19:08:15 | 000,000,000 | ---D | M] -- D:\Program Files\Messenger
        [2009/10/10 23:50:21 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft
        [2009/07/26 10:46:42 | 000,000,000 | ---D | M] -- D:\Program Files\microsoft frontpage
        [2010/01/29 14:13:41 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Office
        [2009/10/14 18:30:47 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Silverlight
        [2009/08/07 16:49:02 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Visual Studio
        [2009/08/07 16:49:53 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft Works
        [2009/08/07 16:47:30 | 000,000,000 | ---D | M] -- D:\Program Files\Microsoft.NET
        [2009/07/27 11:57:04 | 000,000,000 | ---D | M] -- D:\Program Files\Movie Maker
        [2010/07/14 16:06:50 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox
        [2009/08/20 17:38:55 | 000,000,000 | ---D | M] -- D:\Program Files\MSBuild
        [2009/07/26 10:40:03 | 000,000,000 | ---D | M] -- D:\Program Files\MSN
        [2009/07/26 10:41:01 | 000,000,000 | ---D | M] -- D:\Program Files\MSN Gaming Zone
        [2009/08/20 17:23:38 | 000,000,000 | ---D | M] -- D:\Program Files\MSXML 6.0
        [2009/08/12 19:42:46 | 000,000,000 | ---D | M] -- D:\Program Files\NCC Education
        [2009/08/07 16:27:16 | 000,000,000 | ---D | M] -- D:\Program Files\NCH Software
        [2009/07/27 11:57:03 | 000,000,000 | ---D | M] -- D:\Program Files\NetMeeting
        [2009/09/25 15:40:28 | 000,000,000 | ---D | M] -- D:\Program Files\Nokia
        [2009/11/06 22:52:38 | 000,000,000 | ---D | M] -- D:\Program Files\NOS
        [2009/07/26 10:44:29 | 000,000,000 | ---D | M] -- D:\Program Files\Online Services
        [2009/07/27 11:57:04 | 000,000,000 | ---D | M] -- D:\Program Files\Outlook Express
        [2009/09/25 15:24:54 | 000,000,000 | ---D | M] -- D:\Program Files\PC Connectivity Solution
        [2010/06/03 06:35:09 | 000,000,000 | ---D | M] -- D:\Program Files\PC Drivers HeadQuarters
        [2010/06/09 22:20:23 | 000,000,000 | ---D | M] -- D:\Program Files\PDF Password Unlocker
        [2009/07/28 13:10:43 | 000,000,000 | ---D | M] -- D:\Program Files\Philips
        [2009/09/30 13:07:27 | 000,000,000 | ---D | M] -- D:\Program Files\PowerISO
        [2009/08/22 23:14:16 | 000,000,000 | ---D | M] -- D:\Program Files\Quran_AR
        [2010/06/03 07:24:16 | 000,000,000 | ---D | M] -- D:\Program Files\RadarSync
        [2009/09/22 20:37:17 | 000,000,000 | ---D | M] -- D:\Program Files\Real
        [2009/12/25 07:32:13 | 000,000,000 | ---D | M] -- D:\Program Files\Realtek
        [2009/12/25 07:17:20 | 000,000,000 | ---D | M] -- D:\Program Files\Realtek AC97
        [2009/08/20 17:38:30 | 000,000,000 | ---D | M] -- D:\Program Files\Reference Assemblies
        [2010/07/08 19:59:52 | 000,000,000 | ---D | M] -- D:\Program Files\RegGenie
        [2009/07/27 11:57:09 | 000,000,000 | ---D | M] -- D:\Program Files\SCANVIEW
        [2009/07/28 13:33:40 | 000,000,000 | R--D | M] -- D:\Program Files\Skype
        [2010/07/15 14:07:43 | 000,000,000 | ---D | M] -- D:\Program Files\Spyware Doctor
        [2010/07/15 13:32:59 | 000,000,000 | ---D | M] -- D:\Program Files\SUPERAntiSpyware
        [2010/06/03 00:01:00 | 000,000,000 | ---D | M] -- D:\Program Files\SystemRequirementsLab
        [2010/07/04 11:14:56 | 000,000,000 | ---D | M] -- D:\Program Files\TmNationsForever
        [2010/07/16 12:24:49 | 000,000,000 | ---D | M] -- D:\Program Files\Trend Micro
        [2009/12/25 20:47:03 | 000,000,000 | ---D | M] -- D:\Program Files\TryMedia
        [2009/08/12 19:43:31 | 000,000,000 | -H-D | M] -- D:\Program Files\Uninstall Information
        [2010/05/28 10:45:28 | 000,000,000 | ---D | M] -- D:\Program Files\uTorrent
        [2009/07/31 14:02:55 | 000,000,000 | ---D | M] -- D:\Program Files\VideoLAN
        [2009/08/03 22:18:15 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Live
        [2010/06/15 11:06:40 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Live Safety Center
        [2009/08/03 22:18:01 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Live SkyDrive
        [2009/09/18 13:17:00 | 000,000,000 | ---D | M] -- D:\Program Files\Windows Media Player
        [2009/07/27 11:57:10 | 000,000,000 | ---D | M] -- D:\Program Files\Windows NT
        [2009/07/26 10:44:34 | 000,000,000 | -H-D | M] -- D:\Program Files\WindowsUpdate
        [2009/08/07 17:02:27 | 000,000,000 | ---D | M] -- D:\Program Files\WinRAR
        [2009/07/26 10:46:42 | 000,000,000 | ---D | M] -- D:\Program Files\xerox
        [2009/08/20 16:43:11 | 000,000,000 | -H-D | M] -- D:\Program Files\Zero G Registry
         
        < %appdata%\*.* >
        [2009/07/29 08:57:18 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\user\Application Data\bcrypt.html
        [2009/07/26 13:27:45 | 000,000,062 | -HS- | M] () -- D:\Documents and Settings\user\Application Data\desktop.ini
        [2010/07/01 18:16:29 | 000,002,101 | ---- | M] () -- D:\Documents and Settings\user\Application Data\HPSU_48BitScanUpdate.log
        [2009/10/03 16:30:32 | 000,124,766 | ---- | M] () -- D:\Documents and Settings\user\Application Data\NMM-MetaData.db
        [2009/12/26 15:47:05 | 000,261,746 | ---- | M] () -- D:\Documents and Settings\user\Application Data\Update_HP_RedboxHprblog_HPSU.log
         
         
        < MD5 for: AGP440.SYS  >
        [2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
         
        < MD5 for: ATAPI.SYS  >
        [2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
        [2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\drivers\atapi.sys
         
        < MD5 for: DISK.SYS  >
        [2004/08/04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
        [2004/08/04 00:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- D:\WINDOWS\system32\drivers\disk.sys
         
        < MD5 for: EVENTLOG.DLL  >
        [2004/08/04 02:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\system32\eventlog.dll
         
        < MD5 for: NETLOGON.DLL  >
        [2004/08/04 02:56:46 | 000,407,040 | ---- | M] (Mic
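
A triage pass over the OTL file listing posted above, added here as an example (it is not part of the original post and is not OTL's own code): it parses the entry format and marks entries for manual review. The review threshold, the extension list and the three heuristics are assumptions chosen for illustration, and a match means "look closer", not "malicious"; the sample lines are copied from the log.

```python
import ntpath
import re
from datetime import datetime

# Shape of one OTL file-listing entry, as seen in the log above:
# [date time | size | attributes | M/C] (company) optional-note -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>.*?)\))?(?P<note>.*?) -- (?P<path>.+)$"
)

# Assumptions for illustration only (not values from the thread):
HOSTS_REVIEW_BYTES = 100 * 1024  # review threshold for the hosts file size
COMMON_SYSTEM32_EXTS = {
    ".dll", ".exe", ".sys", ".dat", ".ini", ".cpl",
    ".scr", ".nt", ".dbl", ".tmp", ".log",
}

# Sample input: lines copied from the log in the post above.
SAMPLE = r"""
[2010/07/17 23:06:28 | 000,000,298 | -HS- | M] () -- D:\WINDOWS\tasks\QNGLVAECT.job
[2010/07/19 04:13:01 | 000,000,882 | ---- | M] () Unable to obtain MD5 -- D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/07/09 17:57:41 | 000,021,504 | ---- | M] () -- D:\WINDOWS\System32\ff4h.gy
[2010/07/08 18:01:30 | 000,403,631 | R--- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2010/07/07 12:25:58 | 000,022,600 | ---- | M] (Emsisoft) -- D:\WINDOWS\System32\drivers\OAmon.sys
[2010/07/17 23:05:54 | 4194,304,000 | -HS- | M] () -- D:\pagefile.sys
[2010/06/09 21:59:45 | 000,000,000 | ---D | M] -- D:\Program Files\A-PDF Password Security
[2 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
"""


def parse_line(line):
    """Return one listing entry as a dict, or None for headers and summary lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],            # R, H, S, D flags or '-'
        "kind": m["kind"],              # M = modified, C = created
        "company": m["company"],        # None for folders, "" when OTL prints ()
        "note": m["note"].strip(),      # e.g. "Unable to obtain MD5"
        "path": m["path"].strip(),
    }


def triage(entry):
    """Return the review reasons that apply to one parsed entry."""
    reasons = []
    attrs = entry["attrs"]
    if "D" in attrs:                    # folders are listed but not triaged here
        return reasons
    folder = ntpath.dirname(entry["path"]).lower()
    name = ntpath.basename(entry["path"]).lower()
    ext = ntpath.splitext(name)[1]

    if (folder.endswith("\\windows\\tasks") and ext == ".job"
            and "H" in attrs and "S" in attrs):
        reasons.append("scheduled task carrying hidden+system attributes")
    if (folder.endswith("\\drivers\\etc") and name == "hosts"
            and entry["size"] > HOSTS_REVIEW_BYTES):
        reasons.append("hosts file above the review size threshold")
    if (folder.endswith("\\windows\\system32") and entry["company"] == ""
            and ext not in COMMON_SYSTEM32_EXTS):
        reasons.append("no company name and uncommon extension in System32")
    return reasons


def scan(text):
    """Parse every line of a pasted listing and return (path, reasons) pairs."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A large hosts file can also come from a legitimate blocklist tool, so that reason in particular calls for opening the file rather than deleting it.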

        Sneakyone

        • Malware Removal Specialist


        • Beginner

          Thanked: 5
          Re: need help with spyware
          « Reply #3 on: July 20, 2010, 03:50:48 PM »
          Hi, :)

          Please download ComboFix from BleepingComputer.com

          Alternate link: GeeksToGo.com

          Alternate link: Forospyware.com

          Rename ComboFix.exe to commy.exe before you save it to your Desktop
          • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
          • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
          • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
          • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

          Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


          • Click on Yes, to continue scanning for malware.
          • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

          scorpia

            Topic Starter


            Rookie

            Re: need help with spyware
            « Reply #4 on: July 21, 2010, 03:10:07 PM »
            hi .. it seems that the program runs but no windows open and I get no report or anything after I run what you mentioned above
            can you help? tell me what the problem is?

            Sneakyone

            • Malware Removal Specialist


            • Beginner

              Thanked: 5
              Re: need help with spyware
              « Reply #5 on: July 21, 2010, 03:27:57 PM »
              Hi, :)

              Download the GMER Rootkit Scanner. Unzip it to your Desktop.

              Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

              Double-click gmer.exe. The program will begin to run.

              **Caution**
              These types of scans can produce false positives. Do NOT take any action on any
              "<--- ROOTKIT" entries unless advised!

              If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
              • Click NO
              • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
              • Now click the Scan button.
              Once the scan is complete, you may receive another notice about rootkit activity.
              • Click OK.
              • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
              • Save it where you can easily find it, such as your desktop.
              Post the contents of GMER.txt in your next reply.

              scorpia

                Topic Starter


                Rookie

                Re: need help with spyware
                « Reply #6 on: July 22, 2010, 10:27:02 AM »
                hi ... GMER loads, then finds 10 things or so, then the computer changes display and doesn't respond.. what do you suggest?

                Sneakyone

                • Malware Removal Specialist


                • Beginner

                  Thanked: 5
                  Re: need help with spyware
                  « Reply #7 on: July 22, 2010, 01:17:02 PM »
                  Hi, :)

                  To disable CD Emulation programs using DeFogger please perform these steps:
                  • Please download DeFogger to your desktop.
                  • Once downloaded, double-click on the DeFogger icon to start the tool.
                  • The application window will now appear.  You should now click on the Disable button to disable your CD Emulation drivers
                  • When it prompts you whether or not you want to continue, please click on the Yes button to continue
                  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
                  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine.  Please allow it to do so by clicking on the OK button.
                  ===========

                  After you have done this, please re-run GMER and post the log here.

                  scorpia

                    Topic Starter


                    Rookie

                    Re: need help with spyware
                    « Reply #8 on: July 24, 2010, 09:58:45 AM »
                    hi, when i finished with defogger and ran GMER it finds some and progresses more than before and i press scan ... the scan starts and it finds like 100 or more, then doesn't respond and the computer restarts automatically... i tried it like 10 times with the same result
                    can you help?

                    Sneakyone

                    • Malware Removal Specialist


                    • Beginner

                      Thanked: 5
                      Re: need help with spyware
                      « Reply #9 on: July 24, 2010, 10:03:56 AM »
                      Hi, :)

                      Please download 7-Zip and install it. If you already have it, no need to reinstall.

                      Then, download RootkitUnhooker and save the setup to your Desktop.

                      • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
                      • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
                      • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
                      • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
                      • Once inside the interface, do not fix anything. Click on the Report tab.
                      • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
                      • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
                      • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

                      scorpia

                        Topic Starter


                        Rookie

                        Re: need help with spyware
                        « Reply #10 on: July 24, 2010, 10:20:30 AM »
                        hi
                        i extracted the program using 7-zip then i ran the setup but i don't know where the RKU*** folder you're talking about is

                        scorpia

                          Topic Starter


                          Rookie

                          Re: need help with spyware
                          « Reply #11 on: July 24, 2010, 10:24:02 AM »
                          i ran the rku from start menu then it gave me a message saying a parasite is found in the program, do you want to remove it
                          i cancelled it and continued and a program opened, RootkitUnhooker

                          Sneakyone

                          • Malware Removal Specialist


                          • Beginner

                            Thanked: 5
                            Re: need help with spyware
                            « Reply #12 on: July 24, 2010, 12:06:03 PM »
                            Hi, :)

                            Has RKU finished running?

                            scorpia

                              Topic Starter


                              Rookie

                              Re: need help with spyware
                              « Reply #13 on: July 24, 2010, 01:40:33 PM »
                              here is the report from RKU

                              RkU Version: 3.8.388.590, Type LE (SR2)
                              ==============================================
                              OS Name: Windows XP
                              Version 5.1.2600 (Service Pack 2)
                              Number of processors #2
                              ==============================================
                              ntkrnlpa.exe-->NtAllocateVirtualMemory, Type: Address change 0x805A74DE-->F243DED0 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtAssignProcessToJobObject, Type: Address change 0x805D4DD0-->F243E700 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtClose, Type: Address change 0x805BAEB4-->F2391CD2 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtConnectPort, Type: Address change 0x805A2FF4-->F243BDA0 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x80577E5E-->F244B9C0 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x80622048-->F2391B8E [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtCreatePort, Type: Address change 0x805A3B10-->F243B8E0 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtCreateProcess, Type: Address change 0x805CFA1C-->F2438620 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtCreateProcessEx, Type: Address change 0x805CF966-->F2438A30 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x805A9DEE-->F2437EF0 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805CF804-->F2439F20 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtDebugActiveProcess, Type: Address change 0x80640F36-->F243AB90 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x806224D8-->F2392142 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x806226A8-->F239206C [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtDuplicateObject, Type: Address change 0x805BC890-->F2391764 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x80582DFE-->F243D490 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtOpenFile, Type: Address change 0x80578F5C-->F244C040 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x806233DE-->F2391C68 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C9C46-->F23916A4 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x805A8E12-->F2438310 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C9ED2-->F2391708 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtProtectVirtualMemory, Type: Address change 0x805B6DA2-->F243E350 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtQueryDirectoryFile, Type: Address change 0x80578C3E-->F243DA70 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80620102-->F2391D88 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtQueueApcThread, Type: Address change 0x805CFA62-->F243E8A0 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x80621A6E-->F2392210 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtRequestPort, Type: Address change 0x805A146E-->F243C9A0 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtRequestWaitReplyPort, Type: Address change 0x805A179A-->F243CF90 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x80620450-->F2391D48 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtResumeThread, Type: Address change 0x805D3148-->F243B340 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtSecureConnectPort, Type: Address change 0x805A2788-->F243C190 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x805CFF26-->F243A970 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x8060DB2E-->F243AD30 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80620708-->F2391EC8 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
                              ntkrnlpa.exe-->NtShutdownSystem, Type: Address change 0x80610D7E-->F243D370 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x805D3210-->F243B520 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x805D3082-->F243B130 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x80615EA8-->F243AF40 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D1170-->F2439C80 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D136A-->F243A760 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtUnloadDriver, Type: Address change 0x80582F92-->F243D780 [D:\WINDOWS\system32\drivers\OADriver.sys]
                              ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B2D5C-->F243E520 [D:\WINDOWS\system32\drivers\OADriver.sys]
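
For triaging a report like the one above, here is an added example (not part of the original thread, and not RootkitUnhooker's own code) that parses the hook lines and groups them by owning driver, so hooks from a driver outside an expected list stand out. The expected list is an assumption based on the Online Armor and avast! installs visible in the HijackThis log, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Line shape as it appears in the report above:
#   module-->Function, Type: <kind> 0xORIGINAL-->NEW [owning driver path]
HOOK_RE = re.compile(
    r"^\s*(?P<module>[^\s>]+?)-->(?P<func>\w+), Type: (?P<kind>.+?) "
    r"0x(?P<orig>[0-9A-Fa-f]+)-->(?P<new>[0-9A-Fa-f]+) \[(?P<owner>[^\]]*)\]\s*$"
)

# Assumption: these two drivers belong to the Online Armor and avast! installs
# visible in the HijackThis log; paths are copied from the report, lowercased.
EXPECTED = {
    r"d:\windows\system32\drivers\oadriver.sys",
    r"d:\windows\system32\drivers\aswsp.sys",
}

def parse_hooks(report):
    """Return one dict per hook line; headers and separators are skipped."""
    return [m.groupdict() for m in map(HOOK_RE.match, report.splitlines()) if m]

def hooks_by_owner(hooks):
    """Map normalized owner path -> sorted list of hooked functions."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["owner"].strip().lower() or "<unmapped>"].append(h["func"])
    return {owner: sorted(funcs) for owner, funcs in grouped.items()}

def unexpected_owners(report, expected=EXPECTED):
    """Hooks whose owning driver is not on the expected list (full-path match)."""
    grouped = hooks_by_owner(parse_hooks(report))
    return {o: f for o, f in grouped.items() if o not in expected}

# Header and three hook lines copied from the report above.
PAGE_LINES = r"""RkU Version: 3.8.388.590, Type LE (SR2)
ntkrnlpa.exe-->NtClose, Type: Address change 0x805BAEB4-->F2391CD2 [D:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtCreateFile, Type: Address change 0x80577E5E-->F244B9C0 [D:\WINDOWS\system32\drivers\OADriver.sys]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x80582DFE-->F243D490 [D:\WINDOWS\system32\drivers\OADriver.sys]"""

# Constructed line (not from the report): a hook owned by a driver off the list.
CONSTRUCTED = r"ntkrnlpa.exe-->NtQueryDirectoryFile, Type: Address change 0x80578C3E-->F8A01230 [D:\WINDOWS\Temp\example.sys]"

if __name__ == "__main__":
    sample = PAGE_LINES + "\n" + CONSTRUCTED
    for owner, funcs in hooks_by_owner(parse_hooks(sample)).items():
        flag = "" if owner in EXPECTED else "  <-- review"
        print(f"{len(funcs):3d} hooks  {owner}{flag}")
```

A path on the expected list only says where the hook points; the file at that path still needs its vendor and signature checked before it is treated as the security product's driver.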

                              scorpia

                                Topic Starter


                                Rookie

                                Re: need help with spyware
                                « Reply #14 on: July 26, 2010, 08:16:39 AM »
                                hi is there anything for me to do?

                                Sneakyone

                                • Malware Removal Specialist


                                • Beginner

                                  Thanked: 5
                                  Re: need help with spyware
                                  « Reply #15 on: July 26, 2010, 01:45:36 PM »
                                  Hi.

                                  Could you please re-run ComboFix in Safe Mode with Networking? Reboot and tap F8 until it asks you which mode to boot into, then choose Safe Mode with Networking and re-run ComboFix.

                                  scorpia

                                    Topic Starter


                                    Rookie

                                    Re: need help with spyware
                                    « Reply #16 on: July 27, 2010, 04:13:45 AM »
                                    hi i run windows in safe mode with networking.. re-run commy and nothing different happens... it loads and no windows open... any solutions?... thanks

                                    Sneakyone

                                    • Malware Removal Specialist


                                    • Beginner

                                      Thanked: 5
                                      Re: need help with spyware
                                      « Reply #17 on: July 27, 2010, 09:56:15 AM »
                                      Hi.

                                      I will send you a PM of instructions.

                                      scorpia

                                        Topic Starter


                                        Rookie

                                        Re: need help with spyware
                                        « Reply #18 on: July 30, 2010, 01:01:38 AM »
                                        hi Sneakyone .. i will be on holiday for 5-7 days so please post your instructions and i will try to do it as fast as possible.. thanks

                                        Sneakyone

                                        • Malware Removal Specialist


                                        • Beginner

                                          Thanked: 5
                                          Re: need help with spyware
                                          « Reply #19 on: July 30, 2010, 12:44:38 PM »
                                          Hi.

                                          I thought I sent you a PM with instructions, but I will do it again.  :)

                                          scorpia

                                            Topic Starter


                                            Rookie

                                            Re: need help with spyware
                                            « Reply #20 on: August 11, 2010, 04:44:23 AM »
                                            hi, i sent you a personal message... please reply :D