VIRY.CZ

Dobry den, poprosil bych o kontrolu logu. Nemam sice s pc zadny problem, ale behem poslednich dvou tydnu jsem navstivil par stranek ktere by mohly obsahovat urcity spyware. Instaloval jsem i par aplikaci ktere by tez mohly obsahovat nejake viry.

Prosim o kontrolu a navod jak se zbavit vsech znamek po Hotbaru a MyWebSearch Toolbaru. Dekuji

###

Logfile of random's system information tool 1.06 (written by random/random)
Run by stream at 2010-05-11 15:15:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (5%) free of 107 GB
Total RAM: 1983 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:16:08, on 11/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\AOL\1198952913\ee\AOLSoftware.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Alpha Clock\aclock.exe
C:\Program Files\Wakoopa\Wakoopa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\Windows Update.exe
C:\Program Files\MyLifeOrganized.net\MLO\mlo.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Weather Clock\WeatherClock.exe
C:\Program Files\Weather Clock\WClock.exe
C:\Documents and Settings\stream\Desktop\RSIT.exe
C:\Program Files\trend micro\stream.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... fxO2jgr6Eg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\stream\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Mini Site Templates Toolbar - {c36c216f-519d-41ac-8e5a-08b401da1c3f} - C:\Program Files\Mini_Site_Templates\tbMini.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\stream\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Mini Site Templates Toolbar - {c36c216f-519d-41ac-8e5a-08b401da1c3f} - C:\Program Files\Mini_Site_Templates\tbMini.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Mini Site Templates Toolbar - {c36c216f-519d-41ac-8e5a-08b401da1c3f} - C:\Program Files\Mini_Site_Templates\tbMini.dll
O3 - Toolbar: Digsby Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198952913\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\Run: [Alpha Clock] C:\Program Files\Alpha Clock\aclock.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\stream\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Windows Updater] "C:\WINDOWS\system32\Windows Update.exe"
O4 - HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: HappyFish.lnk = C:\Program Files\ThirstyCrow\HappyFish\HappyFish.exe
O4 - Startup: MyLife Organized.lnk = C:\Program Files\MyLifeOrganized.net\MLO\mlo.exe
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... 2010033006
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\stream\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EBCBEBC-A81E-4E7D-A5AD-C70FF67CEF9E}: NameServer = 213.94.190.235,213.94.190.195
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10738 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-412668190-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-412668190-682003330-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\stream\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-10-05 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2010-01-26 1303888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c36c216f-519d-41ac-8e5a-08b401da1c3f}]
Mini Site Templates Toolbar - C:\Program Files\Mini_Site_Templates\tbMini.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Digsby Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-27 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F385C231-605B-4d8f-ACA9-DBFF765BBE17}]
Adblock Pro - C:\Program Files\Adblock Pro\AdblockPro.dll [2008-04-07 458752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2010-01-26 1303888]
{c36c216f-519d-41ac-8e5a-08b401da1c3f} - Mini Site Templates Toolbar - C:\Program Files\Mini_Site_Templates\tbMini.dll [2010-03-17 2355224]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Digsby Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-27 61952]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-11-01 307200]
"HostManager"=C:\Program Files\Common Files\AOL\1198952913\ee\AOLSoftware.exe [2006-11-14 50736]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-08-23 81920]
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2005-12-13 91136]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-23 8478720]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-29 198160]
"ShaPlus Bandwidth Meter"=C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter /s []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2007-12-30 1365504]
"Citrus Alarm Clock"=C:\Program Files\Citrus Alarm Clock\citrusac.exe [2001-10-21 513024]
"Alpha Clock"=C:\Program Files\Alpha Clock\aclock.exe [2003-10-23 69120]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2009-10-08 5662720]
"Wakoopa"=C:\Program Files\Wakoopa\Wakoopa.exe [2009-03-25 573440]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\stream\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-18 135664]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"WordWeb"=C:\Program Files\WordWeb\wweb32.exe [2009-11-08 65216]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Windows Updater"=C:\WINDOWS\system32\Windows Update.exe [2010-05-10 540672]
"Weather Clock"= []
"WeatherClock"=C:\Program Files\Weather Clock\WeatherClock.exe [2010-01-31 2243072]

C:\Documents and Settings\stream\Start Menu\Programs\Startup
HappyFish.lnk - C:\Program Files\ThirstyCrow\HappyFish\HappyFish.exe
MyLife Organized.lnk - C:\Program Files\MyLifeOrganized.net\MLO\mlo.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2009-11-21 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Documents and Settings\stream\Desktop\qip_infinum9000\infium.exe"="C:\Documents and Settings\stream\Desktop\qip_infinum9000\infium.exe:*:Enabled:QIP Infium Beta"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Steam\steamapps\harmonic_33\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\harmonic_33\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Look@LAN\LookAtHost.exe"="C:\Program Files\Look@LAN\LookAtHost.exe:*:Enabled:Look@HOST"
"C:\Program Files\Look@LAN\LookAtLan.exe"="C:\Program Files\Look@LAN\LookAtLan.exe:*:Enabled:Look@LAN"
"C:\Games\Half-Life\hl.exe"="C:\Games\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\HALF LIFE COMPIL N°1\hl.exe"="C:\Games\HALF LIFE COMPIL N°1\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Clear FTP 2006\clearftp.exe"="C:\Program Files\Clear FTP 2006\clearftp.exe:*:Enabled:clearftp"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-05-11 15:04:28 ----D---- C:\Documents and Settings\stream\Application Data\Weather Clock
2010-05-11 15:04:27 ----D---- C:\Program Files\Weather Clock
2010-05-11 14:56:15 ----D---- C:\WINDOWS\LastGood
2010-05-11 14:53:35 ----SHD---- C:\Config.Msi
2010-05-11 14:41:49 ----A---- C:\WINDOWS\system32\log 11.05.2010_02.41.txt
2010-05-10 21:59:21 ----D---- C:\Program Files\Lead Samurai
2010-05-10 21:58:38 ----A---- C:\WINDOWS\system32\log 10.05.2010_09.58.txt
2010-05-10 21:58:38 ----A---- C:\WINDOWS\system32\ddfger.dll
2010-05-10 21:58:37 ----A---- C:\WINDOWS\system32\Windows Update.exe
2010-05-10 21:00:32 ----D---- C:\Google Sniper
2010-05-10 19:28:11 ----A---- C:\WINDOWS\XMailer.INI
2010-05-10 19:21:18 ----D---- C:\Program Files\fec
2010-05-10 19:00:35 ----D---- C:\Program Files\FBP - Facebook Blaster Pro
2010-05-06 23:26:55 ----D---- C:\Program Files\SendBlaster
2010-05-05 00:00:14 ----D---- C:\Program Files\DAEMON Tools Lite
2010-05-04 23:59:56 ----D---- C:\Documents and Settings\stream\Application Data\DAEMON Tools Lite
2010-05-04 23:59:53 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-05-04 19:35:15 ----D---- C:\Program Files\Morgan
2010-05-02 16:49:35 ----D---- C:\Documents and Settings\stream\Application Data\Grasssoft
2010-05-02 16:49:26 ----D---- C:\Documents and Settings\All Users\Application Data\Grasssoft
2010-05-02 16:49:22 ----D---- C:\Program Files\GrassSoft
2010-04-30 18:09:50 ----D---- C:\Documents and Settings\stream\Application Data\Digsby
2010-04-30 18:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\Digsby
2010-04-30 18:09:17 ----D---- C:\Program Files\Ask.com
2010-04-30 18:07:34 ----D---- C:\Program Files\Digsby
2010-04-29 15:26:54 ----D---- C:\Program Files\MyLifeOrganized.net
2010-04-29 15:19:22 ----D---- C:\Program Files\AllMyNotes Organizer
2010-04-29 12:42:42 ----D---- C:\DESKTOP
2010-04-27 00:23:04 ----D---- C:\Documents and Settings\stream\Application Data\DVDVideoSoftIEHelpers
2010-04-27 00:22:42 ----D---- C:\Program Files\DVDVideoSoft
2010-04-27 00:22:42 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-04-25 16:36:12 ----D---- C:\Documents and Settings\All Users\Application Data\HotbarSA
2010-04-25 16:36:12 ----D---- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2010-04-25 16:36:10 ----D---- C:\Documents and Settings\stream\Application Data\WeatherDPA
2010-04-25 16:36:02 ----D---- C:\Program Files\Hotbar
2010-04-20 21:58:31 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-20 00:57:34 ----D---- C:\Documents and Settings\stream\Application Data\CoffeeCup Software
2010-04-20 00:52:36 ----A---- C:\WINDOWS\system32\BORLNDMM.DLL
2010-04-20 00:43:11 ----D---- C:\Program Files\CoffeeCup Software
2010-04-17 21:08:05 ----D---- C:\Program Files\I Koder
2010-04-17 13:36:59 ----D---- C:\Documents and Settings\stream\Application Data\mIRC
2010-04-16 08:56:09 ----D---- C:\Program Files\Email Address Extractor
2010-04-15 23:49:59 ----D---- C:\Documents and Settings\All Users\Application Data\Lencom
2010-04-15 23:49:17 ----D---- C:\Documents and Settings\stream\Application Data\Lencom
2010-04-15 23:49:13 ----D---- C:\Program Files\Lencom Software Inc
2010-04-15 23:49:13 ----D---- C:\Program Files\Common Files\LencomShare
2010-04-15 09:32:12 ----D---- C:\Program Files\Torrent Assault
2010-04-15 00:23:17 ----D---- C:\Program Files\Desktop Notepad
2010-04-14 03:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 03:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 03:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-14 03:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-11 15:16:05 ----D---- C:\Program Files\trend micro
2010-05-11 15:13:33 ----D---- C:\WINDOWS
2010-05-11 15:13:31 ----D---- C:\WINDOWS\Temp
2010-05-11 15:12:31 ----RD---- C:\Program Files
2010-05-11 15:12:31 ----D---- C:\WINDOWS\system32
2010-05-11 15:11:54 ----D---- C:\Program Files\Spyware Terminator
2010-05-11 15:11:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-05-11 14:59:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-11 14:58:28 ----D---- C:\Documents and Settings\stream\Application Data\Spyware Terminator
2010-05-11 14:58:00 ----D---- C:\Program Files\WinUHA
2010-05-11 14:56:45 ----D---- C:\Program Files\QIP Infium
2010-05-11 14:55:56 ----SHD---- C:\WINDOWS\Installer
2010-05-11 14:55:13 ----D---- C:\WINDOWS\Prefetch
2010-05-11 14:54:21 ----D---- C:\Program Files\Hide My IP 2009
2010-05-11 14:53:16 ----D---- C:\Program Files\Common Files
2010-05-11 14:51:47 ----D---- C:\Program Files\Clear FTP 2006
2010-05-11 14:51:46 ----D---- C:\Documents and Settings\stream\Application Data\Micropro
2010-05-11 14:46:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-11 14:45:13 ----A---- C:\WINDOWS\wincmd.ini
2010-05-11 14:41:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-05-11 14:39:13 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-11 14:38:59 ----D---- C:\Documents and Settings\stream\Application Data\uTorrent
2010-05-11 14:37:54 ----D---- C:\Documents and Settings\stream\Application Data\foobar2000
2010-05-11 00:31:15 ----D---- C:\Downloads
2010-05-10 21:52:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-10 19:02:17 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-05-10 08:06:23 ----D---- C:\Documents and Settings\stream\Application Data\skypePM
2010-05-10 07:36:05 ----D---- C:\Documents and Settings\stream\Application Data\Skype
2010-05-09 16:30:52 ----D---- C:\# TEMP #
2010-05-09 11:41:58 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-05-07 13:08:58 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2010-05-06 03:02:21 ----RSD---- C:\WINDOWS\assembly
2010-05-06 03:01:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-05-05 00:21:47 ----A---- C:\WINDOWS\ODBC.INI
2010-05-05 00:20:17 ----D---- C:\Program Files\Microsoft Office
2010-05-05 00:18:24 ----D---- C:\WINDOWS\system
2010-05-05 00:14:14 ----HD---- C:\WINDOWS\inf
2010-05-05 00:08:45 ----A---- C:\WINDOWS\m3jpeg.ini
2010-05-04 17:42:10 ----A---- C:\WINDOWS\system32\msvcsv60.dll
2010-05-04 17:38:10 ----D---- C:\Documents and Settings\stream\Application Data\Sony
2010-05-04 17:33:18 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2010-05-04 17:32:49 ----D---- C:\Program Files\Sony
2010-05-03 11:25:39 ----D---- C:\# MY BUSINESS #
2010-04-30 18:09:24 ----SD---- C:\WINDOWS\Tasks
2010-04-18 15:49:13 ----D---- C:\Documents and Settings\stream\Application Data\Keyword Research Pro
2010-04-14 03:03:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 03:03:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 03:03:29 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-03-29 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 75856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-03-29 42912]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-03-29 94544]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2003-03-31 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2003-03-31 55936]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-03-29 23152]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2007-10-07 822272]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-07-27 581632]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM); C:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 102528]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-08-23 6844864]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-06 19968]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 ajx855wj;ajx855wj; C:\WINDOWS\system32\drivers\ajx855wj.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\stream\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys [2006-05-13 88960]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer; C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-06 58752]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 ute3ntiz;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\ute3ntiz.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 FileObjInfo;STFileDriver; \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-03-29 17272]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-03-29 144760]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-27 152984]
R2 MAudioUSBService;M-Audio USB Installer; C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe [2005-12-02 49152]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-23 155716]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-03-29 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-03-29 345464]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravím


Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/05/2010 18:03:12
mbam-log-2010-05-11 (18-03-12).txt

Scan type: Full scan (C:\|)
Objects scanned: 356597
Time elapsed: 2 hour(s), 22 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 57
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 7
Files Infected: 37

Memory Processes Infected:
C:\WINDOWS\system32\Windows Update.exe (Password.Stealer) -> No action taken.

Memory Modules Infected:
c:\program files\Hotbar\bin\11.0.175.0\hotbarsahook.dll (Adware.Hotbar) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hotbarweather.weathercontroller (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\hotbarweather.weathercontroller.1 (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hotbarax.info (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hotbarax.info.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ktssleay80_0.9.8.2.dll (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updater (Password.Stealer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.
C:\Program Files\Hotbar (Adware.Hotbar) -> No action taken.
C:\Program Files\Hotbar\bin (Adware.Hotbar) -> No action taken.
C:\Program Files\Hotbar\bin\11.0.175.0 (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\stream\Application Data\WeatherDPA (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar (Adware.Hotbar) -> No action taken.

Files Infected:
C:\Documents and Settings\stream\PRO-ver355.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\stream\Local Settings\temp\nsb3F.tmp\Install.dll (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\stream\Local Settings\temp\nsj3B.tmp\Install.dll (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\stream\My Documents\Downloads\MyFunCardsSetup2.3.67.1.ZUman000.exe (Adware.MyWebSearch) -> No action taken.
C:\Program Files\AAS\Lounge Lizard 3.0\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\Arturia\Arp2600 V\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\Arturia\Moog Modular V 2\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\Atari\Temple of Elemental Evil\TOEE.EXE (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Native Instruments\XPress Keyboards\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\EDIROL\Hyper Canvas DXi\Edirol Hyper Canvas Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\Steinberg\Cubase SX 3\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\VSTplugins\Audio Damage\907uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\VSTplugins\Audio Damage\dubuninstall\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\VSTplugins\Audiorealism\Bassline Pro\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\VSTplugins\LinPlug Instruments\Saxlab Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\VSTplugins\NovationBassStation\bassuninstall\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Program Files\KORG\KORG Legacy DIGITAL\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Games\HALF LIFE COMPIL N°1\gearbox\Dq2249.icd (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{C606CE5E-2182-4FFD-BC2E-99AE8F8D64C3}\RP630\A0159092.exe (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{C606CE5E-2182-4FFD-BC2E-99AE8F8D64C3}\RP642\A0161779.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{C606CE5E-2182-4FFD-BC2E-99AE8F8D64C3}\RP642\A0161780.exe (Trojan.Agent.CK) -> No action taken.
C:\Program Files\Hotbar\bin\11.0.175.0\HotbarSA.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\Hotbar\bin\11.0.175.0\HotbarSAHook.dll (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> No action taken.
C:\WINDOWS\system32\ktlibeay80_0.9.8.2.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ktssleay80_0.9.8.2.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\Windows Update.exe (Password.Stealer) -> No action taken.

Vše, co našel MBAM smažte a restartujte PC.


Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

• Spusťte, poté do spodního políčka vložte následující skript.

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

OTL logfile created on: 11/05/2010 20:34:49 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\stream\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.17 Gb Total Space | 4.69 Gb Free Space | 4.50% Space Free | Partition Type: NTFS
Drive D: | 7.62 Gb Total Space | 2.48 Gb Free Space | 32.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 88.64 Gb Free Space | 9.52% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STREAM98
Current User Name: stream
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/11 20:33:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stream\Desktop\OTL.exe
PRC - [2010/04/05 11:25:34 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/01/31 23:48:00 | 002,243,072 | ---- | M] (Respect Soft) -- C:\Program Files\Weather Clock\WeatherClock.exe
PRC - [2010/01/31 23:22:36 | 000,094,208 | ---- | M] () -- C:\Program Files\Weather Clock\WClock.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/06/30 18:38:28 | 003,919,872 | ---- | M] (mylifeorganized.net) -- C:\Program Files\MyLifeOrganized.net\MLO\mlo.exe
PRC - [2009/06/29 21:53:25 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/25 14:40:14 | 000,573,440 | ---- | M] (Wakoopa) -- C:\Program Files\Wakoopa\Wakoopa.exe
PRC - [2008/11/06 14:06:32 | 000,151,552 | ---- | M] (ShaPlus Software) -- C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
PRC - [2008/10/28 18:45:02 | 000,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/29 18:37:02 | 000,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/03/29 18:36:22 | 000,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/03/29 18:30:47 | 000,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/03/29 18:11:18 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007/12/30 11:23:34 | 001,365,504 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
PRC - [2007/06/06 07:00:00 | 001,074,896 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2006/11/14 15:01:21 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1198952913\ee\aolsoftware.exe
PRC - [2005/12/13 11:39:34 | 000,091,136 | ---- | M] (M-Audio, an Avid Technology, Inc. company) -- C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
PRC - [2005/12/02 10:20:46 | 000,049,152 | ---- | M] (M-Audio) -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
PRC - [2005/11/01 01:00:00 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2003/10/23 05:17:06 | 000,069,120 | ---- | M] () -- C:\Program Files\Alpha Clock\aclock.exe


========== Modules (SafeList) ==========

MOD - [2010/05/11 20:33:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stream\Desktop\OTL.exe
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/09/27 13:40:14 | 000,488,523 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2007/07/11 16:06:58 | 000,042,672 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\system32\wbsys.dll
MOD - [2007/07/11 16:06:58 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/03/29 18:37:02 | 000,144,760 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/03/29 18:36:22 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/03/29 18:30:47 | 000,345,464 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/03/29 18:11:18 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005/12/02 10:20:46 | 000,049,152 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe -- (MAudioUSBService)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2010/05/05 00:01:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/27 17:46:15 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ute3ntiz.sys -- (ute3ntiz)
DRV - [2008/04/15 20:04:45 | 000,012,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kwflower.log -- (kwflower)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/29 18:35:49 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/03/29 18:35:21 | 000,094,544 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2008/03/29 18:31:34 | 000,075,856 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2008/03/29 18:29:08 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/03/29 18:27:33 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2008/03/29 18:26:52 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/01/16 09:58:58 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
DRV - [2007/10/07 15:30:58 | 000,822,272 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/08/23 23:15:00 | 006,844,864 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/06 12:27:32 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/03/06 12:27:28 | 000,058,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/02/16 08:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/07/27 14:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/13 17:52:56 | 000,088,960 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2005/12/13 11:39:54 | 000,102,528 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mausb.sys -- (MAUSB) Service for M-Audio Fast Track Pro Driver (WDM)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2003/03/31 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/01/10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... fxO2jgr6Eg
IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\stream\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\..\URLSearchHook: {c36c216f-519d-41ac-8e5a-08b401da1c3f} - C:\Program Files\Mini_Site_Templates\tbMini.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1960408961-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.4.9
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.2
FF - prefs.js..extensions.enabledItems: goog@ind.net:2.4
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.0.5
FF - prefs.js..extensions.enabledItems: webrank-toolbar@probcomp.com:2.1
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.0.145
FF - prefs.js..extensions.enabledItems: {cdd4ec87-8e25-4b42-b8fb-484fdd6a2131}:0.22
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: lintasnusa@gmail.com:1.2


FF - HKLM\software\mozilla\Firefox\Extensions\\Hotbar@Hotbar.com: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/01 22:17:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/11 14:53:16 | 000,000,000 | ---D | M]

[2010/04/03 19:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Extensions
[2010/04/03 19:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stream\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/05/11 20:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions
[2010/04/28 17:53:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/11 20:23:05 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/04/09 00:22:21 | 000,000,000 | ---D | M] (Sage) -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2010/04/27 00:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/05/06 09:14:46 | 000,000,000 | ---D | M] (CPALead Ticker) -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\{cdd4ec87-8e25-4b42-b8fb-484fdd6a2131}
[2010/05/11 20:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com
[2010/03/15 18:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\goog@ind.net
[2010/05/07 23:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\lintasnusa@gmail.com
[2010/05/11 20:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\rankchecker@seobook.com
[2010/05/07 13:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net
[2010/03/14 19:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com
[2010/05/01 22:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com
[2010/04/07 23:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\webrank-toolbar@probcomp.com
[2010/03/22 20:48:27 | 000,002,240 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\searchplugins\google-trends.xml
[2010/05/11 20:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 23:50:22 | 000,083,248 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll

O1 HOSTS File: ([2010/03/13 01:41:23 | 000,000,722 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.micronichefinder.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\stream\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Mini Site Templates Toolbar) - {c36c216f-519d-41ac-8e5a-08b401da1c3f} - C:\Program Files\Mini_Site_Templates\tbMini.dll (Conduit Ltd.)
O2 - BHO: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Adblock Pro) - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Mini Site Templates Toolbar) - {c36c216f-519d-41ac-8e5a-08b401da1c3f} - C:\Program Files\Mini_Site_Templates\tbMini.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1960408961-412668190-682003330-1003\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-1960408961-412668190-682003330-1003\..\Toolbar\WebBrowser: (Mini Site Templates Toolbar) - {C36C216F-519D-41AC-8E5A-08B401DA1C3F} - C:\Program Files\Mini_Site_Templates\tbMini.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1960408961-412668190-682003330-1003\..\Toolbar\WebBrowser: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198952913\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (M-Audio, an Avid Technology, Inc. company)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [ShaPlus Bandwidth Meter] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-1960408961-412668190-682003330-1003..\Run: [Alpha Clock] C:\Program Files\Alpha Clock\aclock.exe ()
O4 - HKU\S-1-5-21-1960408961-412668190-682003330-1003..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe (Mark McIntyre)
O4 - HKU\S-1-5-21-1960408961-412668190-682003330-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1960408961-412668190-682003330-1003..\Run: [Infium] C:\Program Files\QIP Infium\infium.exe (QIP)
O4 - HKU\S-1-5-21-1960408961-412668190-682003330-1003..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-1960408961-412668190-682003330-1003..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exe (Wakoopa)
O4 - HKU\S-1-5-21-1960408961-412668190-682003330-1003..\Run: [Weather Clock] File not found
O4 - HKU\S-1-5-21-1960408961-412668190-682003330-1003..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe (Respect Soft)
O4 - HKU\S-1-5-21-1960408961-412668190-682003330-1003..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Documents and Settings\stream\Start Menu\Programs\Startup\HappyFish.lnk = C:\Program Files\ThirstyCrow\HappyFish\HappyFish.exe File not found
O4 - Startup: C:\Documents and Settings\stream\Start Menu\Programs\Startup\MyLife Organized.lnk = C:\Program Files\MyLifeOrganized.net\MLO\mlo.exe (mylifeorganized.net)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-412668190-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files\Adblock Pro\blockimg.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\stream\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O9 - Extra 'Tools' menuitem : Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll (Adblock Pro Team)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\stream\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\stream\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/14 02:37:58 | 000,000,000 | ---D | M] - C:\Auto Content Cash -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe "\??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat,) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/23 16:19:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/11 20:32:03 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\stream\Desktop\OTL.exe
[2010/05/11 15:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Site Sniper Pro
[2010/05/11 15:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Download Manager
[2010/05/11 15:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Application Data\Malwarebytes
[2010/05/11 15:36:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/11 15:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/11 15:36:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/11 15:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/11 15:13:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\stream\Recent
[2010/05/11 15:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Application Data\Weather Clock
[2010/05/11 15:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Weather Clock
[2010/05/11 14:53:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/10 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Lead Samurai
[2010/05/10 21:00:32 | 000,000,000 | ---D | C] -- C:\Google Sniper
[2010/05/10 19:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\fec
[2010/05/10 19:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\FBP - Facebook Blaster Pro
[2010/05/10 18:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Desktop\BHStorm2
[2010/05/10 15:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Desktop\Top Technics
[2010/05/09 12:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Desktop\Gmail Maker
[2010/05/06 23:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\SendBlaster
[2010/05/05 00:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/05/04 23:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Application Data\DAEMON Tools Lite
[2010/05/04 23:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/04 19:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Morgan
[2010/05/02 16:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Application Data\Grasssoft
[2010/05/02 16:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grasssoft
[2010/05/02 16:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\GrassSoft
[2010/05/01 16:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Local Settings\Application Data\AskToolbar
[2010/04/30 18:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\My Documents\Digsby Logs
[2010/04/30 18:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Local Settings\Application Data\Digsby
[2010/04/30 18:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Application Data\Digsby
[2010/04/30 18:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Digsby
[2010/04/30 18:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/30 18:07:34 | 000,000,000 | ---D | C] -- C:\Program Files\Digsby
[2010/04/30 16:10:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Desktop\FB
[2010/04/29 15:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\MyLifeOrganized.net
[2010/04/29 15:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\My Documents\MyLifeOrganized
[2010/04/29 15:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\AllMyNotes Organizer
[2010/04/29 12:42:42 | 000,000,000 | ---D | C] -- C:\DESKTOP
[2010/04/27 00:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Application Data\DVDVideoSoftIEHelpers
[2010/04/27 00:22:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\My Documents\DVDVideoSoft
[2010/04/27 00:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/04/27 00:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/04/25 09:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Desktop\YT_LoopHole Videos
[2010/04/20 21:58:31 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/04/20 00:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\My Documents\CoffeeCup Software
[2010/04/20 00:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Application Data\CoffeeCup Software
[2010/04/20 00:52:36 | 000,018,944 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\BORLNDMM.DLL
[2010/04/20 00:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2010/04/17 21:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\I Koder
[2010/04/17 13:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Application Data\mIRC
[2010/04/17 12:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Desktop\Email Lists
[2010/04/16 17:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Desktop\portablevv07.ucoz.ru
[2010/04/16 17:58:01 | 009,017,390 | ---- | C] (AtomPark Software) -- C:\Documents and Settings\stream\Desktop\Atomic Email Hunter.exe
[2010/04/16 08:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Email Address Extractor
[2010/04/15 23:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2010/04/15 23:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Local Settings\Application Data\Xenocode
[2010/04/15 23:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\Application Data\Lencom
[2010/04/15 23:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LencomShare
[2010/04/15 23:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lencom Software Inc
[2010/04/15 09:32:12 | 000,000,000 | ---D | C] -- C:\Program Files\Torrent Assault
[2010/04/15 09:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stream\My Documents\Torrent Assault
[2010/04/15 00:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Notepad
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/11 20:33:23 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stream\Desktop\OTL.exe
[2010/05/11 20:19:03 | 000,459,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/11 20:19:03 | 000,078,942 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/11 20:19:01 | 000,548,386 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/11 20:18:30 | 000,005,616 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010/05/11 20:16:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/11 20:16:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/11 20:16:18 | 2079,244,288 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/11 20:14:22 | 007,602,176 | ---- | M] () -- C:\Documents and Settings\stream\ntuser.dat
[2010/05/11 20:07:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-412668190-682003330-1003UA.job
[2010/05/11 20:01:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/05/11 18:58:21 | 000,008,513 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\donuts.JPG
[2010/05/11 15:58:08 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Site Sniper Pro.lnk
[2010/05/11 15:36:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 14:45:01 | 000,006,533 | ---- | M] () -- C:\Documents and Settings\stream\My Documents\AllMyNotes Documents.ddb
[2010/05/11 14:42:32 | 000,006,533 | ---- | M] () -- C:\Documents and Settings\stream\My Documents\AllMyNotes Documents.ddb - backup 10-05-11.ddb
[2010/05/11 14:41:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/11 06:07:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-412668190-682003330-1003Core.job
[2010/05/10 21:59:22 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lead Samurai.lnk
[2010/05/10 21:58:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ddfger.dll
[2010/05/10 20:09:02 | 000,976,538 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\newblackhatcash.pdf
[2010/05/10 19:36:10 | 000,018,712 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\All-StarsT.rar
[2010/05/10 19:28:11 | 000,000,458 | ---- | M] () -- C:\WINDOWS\XMailer.INI
[2010/05/10 19:21:19 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\Super Email Sender.lnk
[2010/05/10 19:02:57 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FBP - Facebook Blaster Pro.lnk
[2010/05/10 19:02:17 | 000,034,308 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/05/10 16:38:35 | 000,036,779 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\juno.m3u
[2010/05/09 11:41:58 | 000,001,515 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010/05/09 10:41:01 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\stream\Start Menu\Programs\Startup\MyLife Organized.lnk
[2010/05/09 01:35:28 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\stream\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 13:13:53 | 000,006,533 | ---- | M] () -- C:\Documents and Settings\stream\My Documents\AllMyNotes Documents.ddb - backup 10-05-07.ddb
[2010/05/07 12:56:35 | 000,002,629 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\SoftwareSubmitterPro.lnk
[2010/05/06 10:53:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/05 00:21:47 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/05 00:14:23 | 000,006,533 | ---- | M] () -- C:\Documents and Settings\stream\My Documents\AllMyNotes Documents.ddb - backup 10-05-05.ddb
[2010/05/05 00:08:45 | 000,000,650 | ---- | M] () -- C:\WINDOWS\m3jpeg.ini
[2010/05/05 00:01:21 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/04 17:42:10 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2010/05/04 17:42:10 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2010/05/04 17:42:10 | 000,000,032 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2010/05/04 17:38:02 | 000,002,532 | ---- | M] () -- C:\Documents and Settings\stream\My Documents\Register Vegas.htm
[2010/05/04 17:33:40 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas 7.0.lnk
[2010/05/04 01:16:29 | 000,012,182 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\fb.csv
[2010/05/03 11:25:39 | 000,043,892 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\tasker.ml
[2010/05/01 21:53:37 | 005,038,333 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\Internet_Success_Manual.pdf
[2010/04/30 18:09:42 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\Digsby.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 15:26:55 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\MyLife Organized.lnk
[2010/04/29 02:08:15 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\Google Chrome.lnk
[2010/04/28 23:34:31 | 000,508,143 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\1900.jpeg
[2010/04/27 20:36:51 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\Windows Movie Maker.lnk
[2010/04/27 00:24:26 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\Free YouTube Uploader.lnk
[2010/04/27 00:24:19 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\Free YouTube Download.lnk
[2010/04/23 00:45:19 | 000,015,013 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\n1602932230_5748.jpg
[2010/04/19 16:43:27 | 000,001,373 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/04/17 19:08:06 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\stream\Desktop\AdWords Editor.lnk
[2010/04/15 23:50:03 | 000,099,227 | ---- | M] () -- C:\Program Files\Common Files\Engines.lnl
[2010/04/15 09:32:15 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Torrent Assault.lnk
[2010/04/14 23:27:33 | 000,000,040 | ---- | M] () -- C:\forestgreen.frg
[2010/04/14 23:26:19 | 000,000,002 | ---- | M] () -- C:\boot.int
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/11 18:58:21 | 000,008,513 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\donuts.JPG
[2010/05/11 15:58:08 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Site Sniper Pro.lnk
[2010/05/11 15:36:57 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/11 14:42:32 | 000,006,533 | ---- | C] () -- C:\Documents and Settings\stream\My Documents\AllMyNotes Documents.ddb - backup 10-05-11.ddb
[2010/05/10 21:59:22 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lead Samurai.lnk
[2010/05/10 21:58:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ddfger.dll
[2010/05/10 20:07:53 | 000,976,538 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\newblackhatcash.pdf
[2010/05/10 19:56:53 | 004,665,263 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\bhcodeguide.pdf
[2010/05/10 19:36:10 | 000,018,712 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\All-StarsT.rar
[2010/05/10 19:28:11 | 000,000,458 | ---- | C] () -- C:\WINDOWS\XMailer.INI
[2010/05/10 19:21:19 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\Super Email Sender.lnk
[2010/05/10 19:00:36 | 000,002,321 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FBP - Facebook Blaster Pro.lnk
[2010/05/09 10:41:01 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\stream\Start Menu\Programs\Startup\MyLife Organized.lnk
[2010/05/07 13:13:53 | 000,006,533 | ---- | C] () -- C:\Documents and Settings\stream\My Documents\AllMyNotes Documents.ddb - backup 10-05-07.ddb
[2010/05/05 00:14:23 | 000,006,533 | ---- | C] () -- C:\Documents and Settings\stream\My Documents\AllMyNotes Documents.ddb - backup 10-05-05.ddb
[2010/05/04 17:38:02 | 000,002,532 | ---- | C] () -- C:\Documents and Settings\stream\My Documents\Register Vegas.htm
[2010/05/04 17:33:40 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas 7.0.lnk
[2010/05/01 21:52:45 | 005,038,333 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\Internet_Success_Manual.pdf
[2010/04/30 18:09:42 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\Digsby.lnk
[2010/04/30 18:09:24 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/04/29 18:02:12 | 000,012,182 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\fb.csv
[2010/04/29 16:07:02 | 000,043,892 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\tasker.ml
[2010/04/29 15:26:55 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\MyLife Organized.lnk
[2010/04/29 15:19:32 | 000,006,533 | ---- | C] () -- C:\Documents and Settings\stream\My Documents\AllMyNotes Documents.ddb
[2010/04/28 23:34:29 | 000,508,143 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\1900.jpeg
[2010/04/27 20:36:51 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\Windows Movie Maker.lnk
[2010/04/27 00:24:26 | 000,000,983 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\Free YouTube Uploader.lnk
[2010/04/27 00:24:19 | 000,000,983 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\Free YouTube Download.lnk
[2010/04/23 00:45:18 | 000,015,013 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\n1602932230_5748.jpg
[2010/04/15 09:32:15 | 000,002,014 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Torrent Assault.lnk
[2010/04/14 23:26:19 | 000,000,040 | ---- | C] () -- C:\forestgreen.frg
[2010/04/14 23:26:19 | 000,000,002 | ---- | C] () -- C:\boot.int
[2010/04/14 18:21:29 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\stream\Desktop\Rank Decoding Engine.exe
[2010/03/31 20:06:52 | 000,002,455 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2010/01/22 23:04:16 | 000,000,650 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2009/12/23 20:16:18 | 000,000,217 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2009/12/12 00:07:56 | 000,000,525 | ---- | C] () -- C:\WINDOWS\KeywordsAnalyzer.INI
[2009/11/27 17:46:13 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\ute3ntiz.sys
[2009/11/21 20:51:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/11/19 18:50:21 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009/11/12 00:19:19 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/10/15 18:14:34 | 000,000,060 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/10/04 13:01:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2009/05/03 18:00:08 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/05/03 18:00:08 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/05/03 18:00:08 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/01/30 18:56:59 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/10/02 13:17:23 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SQ.INI
[2008/09/19 04:43:27 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2008/08/15 21:51:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/16 21:40:13 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/09 20:47:58 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/02/15 19:05:43 | 000,000,032 | ---- | C] () -- C:\WINDOWS\ODOMETER.INI
[2008/01/24 20:28:58 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2008/01/10 14:33:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/12 19:22:00 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2007/10/10 13:04:30 | 000,001,515 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007/10/09 01:23:49 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/10/07 16:03:19 | 000,005,616 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007/10/07 15:07:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/07 15:07:26 | 000,001,816 | ---- | C] () -- C:\WINDOWS\System32\nvprfctr.ini
[2007/06/06 17:58:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\ktzlib80.dll
[2006/07/20 20:58:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/20 20:58:00 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/20 20:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/20 20:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/04/28 11:39:45 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2005/10/14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004/06/10 22:14:07 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\imsisp.dll
[2004/06/10 22:14:07 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\imslevel.dll

========== LOP Check ==========

[2008/12/11 20:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/02/23 17:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/23 17:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2008/11/04 17:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/01/11 19:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/10/15 18:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConMet
[2010/05/05 00:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/11 14:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grasssoft
[2007/10/09 16:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2008/10/01 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
[2010/03/31 20:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LangSoft
[2008/10/30 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/04/15 23:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2010/03/13 01:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2009/01/12 20:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/02/26 22:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/04/03 18:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PY_Software
[2010/05/04 17:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/07 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/05/11 15:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010/05/11 20:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/12 20:23:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0D1E323F-9D1D-410B-9F3E-FBF24ECC2B05}
[2009/01/12 20:23:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
[2009/01/12 20:23:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D6072FCA-C57E-4A39-92CE-3ABE6C6D694B}
[2008/12/11 20:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Ableton
[2010/02/23 17:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\acccore
[2009/03/18 18:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Adblock Pro
[2009/10/30 17:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Applied Acoustics Systems
[2008/10/12 17:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Audacity
[2008/11/04 17:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Azureus
[2009/12/04 21:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\BlogDesk
[2010/04/20 00:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\CoffeeCup Software
[2009/10/15 18:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\ConMet
[2010/05/05 00:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\DAEMON Tools Lite
[2009/09/18 18:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\DMCache
[2010/04/27 00:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\DVDVideoSoftIEHelpers
[2009/11/22 00:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\ElevatedDiagnostics

[2010/05/11 20:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\foobar2000
[2010/05/02 16:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Grasssoft
[2009/09/18 18:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\IDM
[2007/10/07 17:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\IrfanView
[2008/06/29 16:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Jpeg Resampler
[2008/04/15 18:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Kerio
[2010/04/18 15:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Keyword Research Pro
[2008/10/01 18:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\KORG
[2010/03/31 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\LangSoft
[2009/04/29 14:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Leadertech
[2010/04/16 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Lencom
[2010/05/11 14:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Micropro
[2009/04/14 14:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\MxBoost
[2007/10/07 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\NetMedia Providers
[2007/10/07 12:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Opera
[2009/02/10 15:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Progeny
[2007/10/07 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Publish Providers
[2009/01/11 23:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\REAPER
[2008/04/09 18:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\RegClean
[2010/05/04 17:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Sony
[2007/10/07 18:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Sony Setup
[2010/05/11 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Spyware Terminator
[2008/09/01 19:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Steinberg
[2009/09/22 23:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\SystemRequirementsLab
[2010/05/11 14:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\uTorrent
[2010/01/27 12:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\ViralSubmitter
[2010/05/11 15:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Weather Clock
[2008/08/15 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Web Page Maker
[2008/12/18 23:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Wireshark
[2008/09/01 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\zweitgeist
[2010/05/11 20:01:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Rainlendar2" = C:\Program Files\Rainlendar2\Rainlendar2.exe -- [2007/12/30 11:23:34 | 001,365,504 | ---- | M] ()
"Citrus Alarm Clock" = C:\Program Files\Citrus Alarm Clock\citrusac.exe -- [2001/10/21 23:50:36 | 000,513,024 | ---- | M] (Mark McIntyre)
"Alpha Clock" = C:\Program Files\Alpha Clock\aclock.exe -- [2003/10/23 05:17:06 | 000,069,120 | ---- | M] ()
"Infium" = "C:\Program Files\QIP Infium\infium.exe" /autorun -- [2009/10/08 13:17:40 | 005,662,720 | ---- | M] (QIP)
"Wakoopa" = C:\Program Files\Wakoopa\Wakoopa.exe -- [2009/03/25 14:40:14 | 000,573,440 | ---- | M] (Wakoopa)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008/04/14 05:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\stream\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c -- [2009/11/18 17:52:08 | 000,135,664 | ---- | M] (Google Inc.)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation)
"WordWeb" = "C:\Program Files\WordWeb\wweb32.exe" -startup -- [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"Weather Clock" =
"WeatherClock" = C:\Program Files\Weather Clock\WeatherClock.exe -- [2010/01/31 23:48:00 | 002,243,072 | ---- | M] (Respect Soft)

< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008/12/11 20:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2007/12/18 23:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/23 17:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/02/23 17:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2010/02/23 17:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/01/01 20:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/09 15:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2008/11/04 17:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/01/11 19:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2009/10/15 18:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConMet
[2010/05/05 00:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/30 18:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digsby
[2009/10/15 18:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/11 14:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grasssoft
[2007/10/09 16:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iZotope
[2008/10/01 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KORG
[2010/03/31 20:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LangSoft
[2008/10/30 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/04/15 23:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2007/12/29 19:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/05/11 15:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/13 01:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2010/02/20 20:45:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/10 21:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/01/12 20:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2008/04/24 23:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/02/26 22:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/04/03 18:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PY_Software
[2010/03/07 18:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2008/04/20 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/05/04 17:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/05/07 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/05/11 15:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010/05/11 20:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/12 20:23:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0D1E323F-9D1D-410B-9F3E-FBF24ECC2B05}
[2009/01/12 20:23:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
[2009/01/12 20:23:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D6072FCA-C57E-4A39-92CE-3ABE6C6D694B}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/12/15 11:45:41 | 003,002,432 | ---- | M] (Native Instruments ) -- C:\Documents and Settings\All Users\Application Data\{0D1E323F-9D1D-410B-9F3E-FBF24ECC2B05}\Traktor Setup.exe
[2008/10/29 16:12:27 | 002,931,320 | ---- | M] (Native Instruments ) -- C:\Documents and Settings\All Users\Application Data\{442B6EC3-77A0-4817-825F-67F47D7A2E54}\Service Center Setup.exe
[2008/11/17 11:04:47 | 002,666,192 | ---- | M] (Native Instruments ) -- C:\Documents and Settings\All Users\Application Data\{D6072FCA-C57E-4A39-92CE-3ABE6C6D694B}\Audio 8 DJ Driver Setup.exe
[2008/10/30 15:41:24 | 000,683,801 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Last.fm\Client\UninstFoo3\unins000.exe
[2008/04/24 23:28:55 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

< %APPDATA%\*. >
[2008/12/11 20:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Ableton
[2010/02/23 17:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\acccore
[2009/03/18 18:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Adblock Pro
[2010/02/23 09:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Adobe
[2007/12/19 21:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\AdobeUM
[2007/10/07 17:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Ahead
[2008/01/10 14:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\AOL
[2008/01/01 20:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Apple Computer
[2009/10/30 17:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Applied Acoustics Systems
[2008/10/12 17:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Audacity
[2008/11/04 17:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Azureus
[2009/12/04 21:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\BlogDesk
[2010/04/20 00:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\CoffeeCup Software
[2009/10/15 18:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\ConMet
[2010/05/05 00:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\DAEMON Tools Lite
[2010/04/30 18:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Digsby
[2009/05/03 22:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\DivX
[2009/09/18 18:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\DMCache
[2009/04/12 14:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\dvdcss
[2010/04/27 00:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\DVDVideoSoftIEHelpers
[2009/11/22 00:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\ElevatedDiagnostics
[2010/05/11 20:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\foobar2000
[2010/04/03 19:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Google
[2010/05/02 16:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Grasssoft
[2007/10/07 18:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Help
[2007/10/07 12:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Identities
[2009/09/18 18:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\IDM
[2007/10/07 13:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\InstallShield
[2007/10/07 17:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\IrfanView
[2008/06/29 16:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Jpeg Resampler
[2008/04/15 18:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Kerio
[2010/04/18 15:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Keyword Research Pro
[2008/10/01 18:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\KORG
[2010/03/31 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\LangSoft
[2009/04/29 14:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Leadertech
[2010/04/16 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Lencom
[2009/03/23 18:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Macromedia
[2010/05/11 15:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Malwarebytes
[2007/11/25 02:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Media Player Classic
[2010/05/11 14:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Micropro
[2010/03/25 20:26:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\stream\Application Data\Microsoft
[2010/04/17 17:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\mIRC
[2009/12/16 17:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Mozilla
[2009/04/14 14:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\MxBoost
[2007/10/07 20:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\NetMedia Providers
[2007/10/07 12:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Opera
[2009/02/10 15:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Progeny
[2007/10/07 18:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Publish Providers
[2009/09/06 14:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Real
[2009/01/11 23:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\REAPER
[2008/04/09 18:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\RegClean
[2008/02/03 01:03:49 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\stream\Application Data\SecuROM
[2010/05/10 07:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Skype
[2010/05/10 08:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\skypePM
[2010/05/04 17:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Sony
[2007/10/07 18:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Sony Setup
[2010/05/11 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Spyware Terminator
[2008/09/01 19:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Steinberg
[2008/04/08 12:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Sun
[2009/09/22 23:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\SystemRequirementsLab
[2010/05/11 14:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\uTorrent
[2010/01/27 12:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\ViralSubmitter
[2007/11/07 20:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\vlc
[2010/05/11 15:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Weather Clock
[2008/08/15 20:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Web Page Maker
[2009/10/27 00:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Winamp
[2007/10/07 14:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\WinRAR
[2008/12/18 23:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\Wireshark
[2008/09/01 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stream\Application Data\zweitgeist

< %APPDATA%\*.exe /s >
[2009/09/14 16:06:40 | 003,080,520 | ---- | M] (Tonec Inc.) -- C:\Documents and Settings\stream\Application Data\IDM\idmupdt.exe
[2001/01/01 00:00:00 | 000,168,128 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\dskyjump\DSJ.EXE
[2008/04/24 20:51:56 | 002,431,628 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\directx_mar2008_redist_41\directx_mar2008_redist.exe4
[2008/04/24 20:51:56 | 001,998,456 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\directx_mar2008_redist_41\directx_mar2008_redist.exe5
[2008/04/24 20:51:56 | 001,751,680 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\directx_mar2008_redist_41\directx_mar2008_redist.exe6
[2008/04/24 20:51:56 | 002,091,896 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\directx_mar2008_redist_41\directx_mar2008_redist.exe7
[2008/04/24 20:51:56 | 002,601,100 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\directx_mar2008_redist_41\directx_mar2008_redist.exe1
[2008/04/24 20:51:56 | 001,958,260 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\directx_mar2008_redist_41\directx_mar2008_redist.exe2
[2008/04/24 20:51:56 | 001,491,888 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\directx_mar2008_redist_41\directx_mar2008_redist.exe3
[2008/04/24 21:03:38 | 000,133,976 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\sp33411_42\sp33411.exe1
[2008/04/24 21:00:15 | 002,540,775 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\sp33411_42\sp33411.exe2
[2008/04/24 21:00:27 | 002,534,554 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\sp33411_42\sp33411.exe3
[2008/04/24 21:01:45 | 007,678,646 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\sp33537_43\sp33537.exe1
[2008/04/24 21:04:01 | 000,005,808 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\sp33537_43\sp33537.exe2
[2008/04/24 21:07:00 | 000,172,552 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\sp33537_43\sp33537.exe3
[2008/04/24 21:07:17 | 015,414,116 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\sp33537_44\sp33537.exe3
[2009/04/30 15:30:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\TS203EN_333\TS203EN.EXE
[2009/04/30 15:31:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\stream\Application Data\IDM\DwnlData\stream\TS203EN_334\TS203EN.EXE
[2010/04/15 23:49:30 | 000,007,278 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{1186703C-E6E6-4F7E-8CCD-6D26272A2579}\_4DBC07C00B2101502D53AE.exe
[2010/04/15 23:49:30 | 000,007,278 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{1186703C-E6E6-4F7E-8CCD-6D26272A2579}\_6FEFF9B68218417F98F549.exe
[2010/04/15 23:49:30 | 000,002,862 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{1186703C-E6E6-4F7E-8CCD-6D26272A2579}\_88AC343B2FAE61D133BB3F.exe
[2010/04/15 23:49:30 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{1186703C-E6E6-4F7E-8CCD-6D26272A2579}\_FEDBBE74E0FBCBC39E5335.exe
[2007/10/07 17:16:06 | 000,581,632 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{2D79124E-B4F8-40D6-A7F2-AB7249FF34BF}\ARPPRODUCTICON.exe
[2007/10/07 17:16:06 | 000,581,632 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{2D79124E-B4F8-40D6-A7F2-AB7249FF34BF}\NewShortcut1_2D79124EB4F840D6A7F2AB7249FF34BF.exe
[2010/04/17 21:08:06 | 000,012,862 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{2DE2D7A6-819E-4A60-80EB-2C6E3EA1FD4D}\_4D6E2A9E8AD347B9A7F4D1.exe
[2010/02/26 23:34:25 | 000,016,958 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{ADFB6598-D680-48D4-B06F-7848505B0B7F}\_6FEFF9B68218417F98F549.exe
[2010/02/26 23:34:25 | 000,016,958 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{ADFB6598-D680-48D4-B06F-7848505B0B7F}\_80BBC37C2F46AA1D288607.exe
[2010/02/26 23:34:25 | 000,016,958 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{ADFB6598-D680-48D4-B06F-7848505B0B7F}\_99D2BC30040FFAF14C2281.exe
[2010/04/03 19:38:48 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_6FEFF9B68218417F98F549.exe
[2010/04/03 19:38:48 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\stream\Application Data\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_FCF4B120D6A8BD6C385184.exe
[2009/06/29 21:51:42 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\stream\Application Data\Real\RealPlayer\setup\AU_setup.exe
[2010/05/08 03:08:25 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\stream\Application Data\Real\Update\setup3.10\setup.exe
[2007/10/07 18:37:46 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\stream\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2003/03/31 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cdrom.sys
[2008/04/14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CHANGER.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\changer.sys
[2004/08/03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: CRYPTSVC.DLL >
[2004/08/04 00:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/14 01:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: HAL.DLL >
[2003/03/31 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008/04/14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008/04/14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008/04/13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\hal.dll
[2004/08/03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: ISAPNP.SYS >
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008/04/14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008/04/13 19:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\isapnp.sys
[2008/04/14 00:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2003/03/31 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys

< MD5 for: LSASS.EXE >
[2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[2008/04/14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVGTS.SYS >
[2007/05/04 15:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\Win2K\sata_ide\nvgts.sys
[2007/05/04 15:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\Win2K\sataraid\nvgts.sys
[2007/05/04 15:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\WinXP\sata_ide\nvgts.sys
[2007/05/04 15:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\WinXP\sataraid\nvgts.sys

< MD5 for: NVRD32.SYS >
[2007/05/04 15:50:00 | 000,116,736 | ---- | M] (NVIDIA Corporation) MD5=9E9387D6F960B0EEB12E1C1A0E9485DD -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\Win2K\sataraid\nvrd32.sys
[2007/05/04 15:50:00 | 000,116,736 | ---- | M] (NVIDIA Corporation) MD5=9E9387D6F960B0EEB12E1C1A0E9485DD -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\WinXP\sataraid\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008/04/14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008/04/14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\smss.exe
[2008/04/14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004/08/04 00:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004/08/04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006/04/20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/12/03 20:07:46 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007/10/30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2004/08/03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=6A603809F598332DBEDD535BDBCE313E -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[2008/04/14 05:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/05 00:01:21 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007/10/07 12:53:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/10/07 12:53:48 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/10/07 12:53:48 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010/05/10 19:02:17 | 000,034,308 | ---- | M] () -- C:\WINDOWS\system32\BASSMOD.dll
[2010/05/10 21:58:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\ddfger.dll
[2010/05/10 21:58:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\log 10.05.2010_09.58.txt
[2010/05/11 14:41:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\log 11.05.2010_02.41.txt
[2010/05/11 20:19:03 | 000,078,942 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010/05/11 20:19:03 | 000,459,192 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010/05/11 20:19:01 | 000,548,386 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010/05/11 14:41:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 268 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61B95C7A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
< End of report >

OTL Extras logfile created on: 11/05/2010 20:34:49 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\stream\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.17 Gb Total Space | 4.69 Gb Free Space | 4.50% Space Free | Partition Type: NTFS
Drive D: | 7.62 Gb Total Space | 2.48 Gb Free Space | 32.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931.51 Gb Total Space | 88.64 Gb Free Space | 9.52% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STREAM98
Current User Name: stream
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Documents and Settings\stream\Desktop\qip_infinum9000\infium.exe" = C:\Documents and Settings\stream\Desktop\qip_infinum9000\infium.exe:*:Enabled:QIP Infium Beta -- (QIP)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\Soulseek-Test\slsk.exe" = C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\Steam\steamapps\harmonic_33\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\harmonic_33\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Look@LAN\LookAtHost.exe" = C:\Program Files\Look@LAN\LookAtHost.exe:*:Enabled:Look@HOST -- (Carlo Medas)
"C:\Program Files\Look@LAN\LookAtLan.exe" = C:\Program Files\Look@LAN\LookAtLan.exe:*:Enabled:Look@LAN -- (Carlo Medas)
"C:\Games\Half-Life\hl.exe" = C:\Games\Half-Life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.)
"C:\Games\HALF LIFE COMPIL N°1\hl.exe" = C:\Games\HALF LIFE COMPIL N°1\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.)
"C:\Program Files\Clear FTP 2006\clearftp.exe" = C:\Program Files\Clear FTP 2006\clearftp.exe:*:Enabled:clearftp -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_HALF LIFE COMPIL N°1 (By RY's)" = _HALF LIFE COMPIL N°1 (By RY's)
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1186703C-E6E6-4F7E-8CCD-6D26272A2579}" = Fast Email Extractor 7
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2BC9E066-8B5A-484A-9D83-5D91EF435FFE}" = Keyword Research Pro
"{2D79124E-B4F8-40D6-A7F2-AB7249FF34BF}" = Nero Burning ROM
"{2DE2D7A6-819E-4A60-80EB-2C6E3EA1FD4D}" = Droid Email Seeker
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38AD6EA4-BBC1-4A95-B792-9950D48E2171}" = Kerio Visual C++ 2005 redistributable permanent package
"{3BD8F690-F840-4BC1-8C28-D10C95FAA951}" = Ad Word Analyzer
"{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}" = Fast Track Pro
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{50484AB7-75A5-4C77-9F73-1C8279860D87}" = FBP - Facebook Blaster Pro
"{5636E517-8100-4E2A-B69E-2B16AFFA2360}" = Sony Sound Forge 8.0d
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{6B23F1DA-407B-4187-9C4C-15DECA9C8F31}" = Torrent Assault
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81D200BA-8BC6-46D1-974D-FCC87ECCB2F8}" = Icewind Dale II
"{8318FEFD-F467-44D6-82B8-129374BFE9B1}" = Opera 9.62
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87DABCF7-2C38-4996-8FBE-053CA6536168}" = Sony ACID Pro 6.0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ED43CF1-5E56-4D0C-AEB1-A9F9C164B9BC}" = Miroslav Philharmonik CE
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96965E6C-41DB-4E0A-BC65-D92381D51D2A}" = Sony Vegas 7.0
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}" = Temple of Elemental Evil
"{ADFB6598-D680-48D4-B06F-7848505B0B7F}" = SoftwareSubmitterPro
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}" = HP Webcam
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD334DD1-3E56-4B66-B811-1BA2E205F9FE}_is1" = Keyword Sniper 1.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7B5688C-65E0-4E7B-90D9-24DE28DFC033}_is1" = Laser URL 1.2
"{C8310658-4019-4934-A7AC-AD1E35EDD8F5}" = CDRWIN 6.1
"{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}" = Sony Media Manager 2.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC3F3C10-F335-11DD-6784-00E2040B18BE}" = Email Address Extractor
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E682BE3B-09F6-44B6-9404-77AAA106178E}" = Lead Samurai
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"µTorrent CZ_is1" = µTorrent CZ 1.8.1 (build 12639)
"Adblock Pro" = Adblock Pro 2.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIDA32_is1" = AIDA32 v3.80
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Alpha 3" = Alpha 3
"Analog Factory SE_is1" = Analog Factory SE 1.2
"A-PDF Text Extractor_is1" = A-PDF Text Extractor 1.3
"Applied Acoustics Lounge Lizard EP VSTi DXi v3.0" = Applied Acoustics Lounge Lizard EP VSTi DXi v3.0
"Arturia Arp2600 V v1.0" = Arturia Arp2600 V v1.0
"Arturia minimoog V_is1" = Arturia minimoog V v1.6
"Arturia Moog Modular V2 v1.0" = Arturia Moog Modular V2 v1.0
"Atmosphere_is1" = Atmosphere
"Audio CD Maker_is1" = Audio CD Maker v6.0
"Audio Damage 907A VST v1.0.0.7" = Audio Damage 907A VST v1.0.0.7
"Audio Damage DubStation VST v1.0.2.0" = Audio Damage DubStation VST v1.0.2.0
"Audio/Video To MP3 Maker_is1" = Audio/Video To MP3 Maker version 3.12
"Audiorealism Bassline Pro v1.0.1" = Audiorealism Bassline Pro v1.0.1
"avast!" = avast! Antivirus
"B6E4AD11B487308A361AACB990AC314D7DEAD995" = Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25)
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Cakewalk Rapture Expansion Pack 1" = Cakewalk Rapture Expansion Pack 1
"CCleaner" = CCleaner (remove only)
"Citrus Alarm Clock_is1" = Citrus Alarm Clock 1.0.5
"CNXT_HDAUDIO" = Conexant HD Audio
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CS-80V_is1" = CS-80V 1.6
"Dash Signature EVE2 VSTi v2.40.00" = Dash Signature EVE2 VSTi v2.40.00
"DDDP_is1" = discoDSP Discovery Pro
"Digital Media Converter_is1" = Digital Media Converter 2.78
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy GIF Animator Pro_is1" = Easy GIF Animator 4.8 Pro
"Edirol Hyper Canvas v1.53" = Edirol Hyper Canvas v1.53
"Edirol Super Quartet v1.52 TALiO" = Edirol Super Quartet v1.52 TALiO
"foo_audioscrobbler" = Audioscrobbler for foobar2000 (remove only)
"foobar2000" = foobar2000 v0.9.5.1
"FormatFactory" = FormatFactory 2.20
"Foxit PDF Editor" = Foxit PDF Editor
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube Uploader_is1" = Free YouTube Uploader version 3.1
"GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ
"GSpot" = GSpot Codec Information Appliance
"Half-Life" = Half-Life
"HijackThis" = HijackThis 2.0.2
"IDJ Groove & Phrase Synth2.0" = IDJ Groove & Phrase Synth
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InstallShield_{81D200BA-8BC6-46D1-974D-FCC87ECCB2F8}" = Icewind Dale II
"intelliScore Polyphonic" = intelliScore Polyphonic
"IrfanView" = IrfanView (remove only)
"ISOpen_is1" = ISOpen V4.4.1
"iZotope pHATmatik PRO_is1" = iZotope pHATmatik PRO
"iZotope Trash_is1" = iZotope Trash
"Keywords Analyzer" = Keywords Analyzer
"KORG Legacy Collection - DIGITAL EDITION v1.0.0 " = KORG Legacy Collection - DIGITAL EDITION v1.0.0
"Korg Legacy Collection v1.1.10" = Korg Legacy Collection v1.1.10
"Laser Keyword Generator_is1" = Laser Keyword Generator 3.0
"LastFM_is1" = Last.fm 1.5.4.24567
"Linplug SaxLab v1.0.2" = Linplug SaxLab v1.0.2
"Longtion GIF Animator_is1" = Longtion GIF Animator version 5.0
"Look@LAN_1.0" = Look@LAN 2.50 Build 35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Micro Niche Finder_is1" = Micro Niche Finder
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mini_Site_Templates Toolbar" = Mini_Site_Templates Toolbar
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyLife Organized" = MyLife Organized 3.0.1
"Native Instruments - Rig Kontrol 3 Driver" = Native Instruments - Rig Kontrol 3 Driver
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Elektrik Piano 1.5" = Native Instruments Elektrik Piano 1.5
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Kontakt 2" = Native Instruments Kontakt 2
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Xpress Keyboards v1.0" = Native Instruments Xpress Keyboards v1.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novation Bass-Station for Cubase SX3 VSTi v1.41" = Novation Bass-Station for Cubase SX3 VSTi v1.41
"NVIDIA Drivers" = NVIDIA Drivers
"Nvidia Omega Drivers for Windows XP/2kv2.169.21" = Nvidia Omega Drivers v2.169.21 Setup Files
"Open Contacts_is1" = Open Contacts v6
"Predator_is1" = Rob Papen Predator V1.1.0
"Quadrafuzz" = Quadrafuzz v1.0
"Rainlendar2" = Rainlendar2 (remove only)
"RealPlayer 6.0" = RealPlayer
"Rob Papen Albino 3" = Rob Papen Albino 3
"ShaPlus Bandwidth Meter" = ShaPlus Bandwidth Meter 1.3
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"Site Sniper Pro_is1" = Site Sniper Pro 2.8
"Sonik Synth 2" = Sonik Synth 2
"Soulseek2" = SoulSeek 157 NS 13c
"Spyware Terminator_is1" = Spyware Terminator
"STANDARD" = Microsoft Office Standard 2007
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Super Email Sender_is1" = Super Email Sender
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Tiberian Sun" = Command & Conquer Tiberian Sun
"Time Zone Clock V2.0_is1" = Time Zone Clock V2.0
"Totalcmd" = Total Commander (Remove or Repair)
"TVAnts 1.0" = TVAnts 1.0
"Ugo Disturbance v1.0 VSTi" = Ugo Disturbance v1.0 VSTi
"UltraISO_is1" = UltraISO Premium V8.51
"Uninstall_is1" = Uninstall 1.0.0.1
"Viral Submitter_is1" = Viral Submitter
"virtualcreations UltraPhazer_is1" = virtualcreations UltraPhazer 1.2
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Weather Clock_is1" = Weather Clock 4.3
"Winamp" = Winamp
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"WordWeb" = WordWeb
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1960408961-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.5.0.457
"uTorrent" = µTorrent
"Wakoopa" = Wakoopa

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 24/04/2008 17:39:47 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://files.ngohq.com/omega/nvidia/nvi ... 216921.exe failed, 00000084.


Error - 04/06/2008 08:53:13 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://files.ngohq.com/omega/nvidia/nvi ... 216921.exe failed, 00000084.


Error - 28/12/2008 12:31:55 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://n70.tym.cz/down/hry/lock_n_load_2.sis failed, 00000026.

Error - 28/12/2008 12:32:15 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://n70.tym.cz/down/hry/ragingthunder.sis failed, 00000026.

Error - 28/12/2008 12:35:47 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://n70.tym.cz/down/hry/ragingthunder.sis failed, 00000026.

Error - 17/02/2009 20:54:22 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://sk.static.etargetnet.com/generic ... _color:003
failed, 0000A413.

Error - 05/11/2009 15:13:25 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://clients1.google.cz/complete/sear ... %20s&cp=13
failed, 0000A413.

Error - 06/11/2009 08:30:24 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://www.youtube.com/get_video_info?& ... rock&hl=en
failed, 0000A413.

Error - 06/11/2009 16:25:12 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://clients1.google.cz/complete/sear ... 0dru&cp=13
failed, 0000A413.

Error - 09/11/2009 20:06:54 | Computer Name = STREAM98 | Source = avast! | ID = 33554522
Description = AAVM - chyba pri testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://www.elementsthegame.com/readrpvp.php?ran=579077 failed, 0000A413.

[ Application Events ]
Error - 09/11/2008 19:52:21 | Computer Name = STREAM98 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16735, faulting
module unknown, version 0.0.0.0, fault address 0x61eb77e0.

Error - 13/11/2008 14:43:09 | Computer Name = STREAM98 | Source = Application Hang | ID = 1002
Description = Hanging application acid60.exe, version 6.0.0.355, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 13/11/2008 15:58:55 | Computer Name = STREAM98 | Source = Application Hang | ID = 1002
Description = Hanging application acid60.exe, version 6.0.0.355, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 17/11/2008 21:34:55 | Computer Name = STREAM98 | Source = Application Hang | ID = 1002
Description = Hanging application opera.exe, version 9.62.10467.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/11/2008 11:35:31 | Computer Name = STREAM98 | Source = Application Error | ID = 1000
Description = Faulting application guninst.exe, version 0.0.0.0, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x0000cf6d.

Error - 26/11/2008 12:59:07 | Computer Name = STREAM98 | Source = Application Hang | ID = 1002
Description = Hanging application acid60.exe, version 6.0.0.355, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/11/2008 13:01:05 | Computer Name = STREAM98 | Source = Application Hang | ID = 1002
Description = Hanging application acid60.exe, version 6.0.0.355, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/11/2008 13:39:41 | Computer Name = STREAM98 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application acid60.exe, version 6.0.0.355, stamp 45422428,
faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address
0x4ec6730c.

Error - 09/12/2008 16:33:01 | Computer Name = STREAM98 | Source = Application Hang | ID = 1002
Description = Hanging application acid60.exe, version 6.0.0.355, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 09/12/2008 16:41:02 | Computer Name = STREAM98 | Source = Application Hang | ID = 1002
Description = Hanging application acid60.exe, version 6.0.0.355, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 24/11/2009 12:47:26 | Computer Name = STREAM98 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7141
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09/04/2010 15:25:46 | Computer Name = STREAM98 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 11/04/2010 03:49:09 | Computer Name = STREAM98 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 13/04/2010 22:22:49 | Computer Name = STREAM98 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 16/04/2010 02:52:55 | Computer Name = STREAM98 | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 16/04/2010 02:56:05 | Computer Name = STREAM98 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 19/04/2010 19:50:13 | Computer Name = STREAM98 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 24/04/2010 11:17:10 | Computer Name = STREAM98 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 28/04/2010 12:37:34 | Computer Name = STREAM98 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 29/04/2010 06:16:14 | Computer Name = STREAM98 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 01/05/2010 17:24:38 | Computer Name = STREAM98 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep


< End of report >

Spusťte OTL a do spodního okna vložte následující skript. Poté klikněte na Opravit, PC se restartuje, log vložte sem.


Doporučuji odinstalovat µTorrent.

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.


Následující soubor/y otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\system32\drivers\ute3ntiz.sys
C:\WINDOWS\System32\ddfger.dll

(Soubor/y nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

All processes killed
========== OTL ==========
Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
Prefs.js: toolbar@alexa.com:1.4.9 removed from extensions.enabledItems
Prefs.js: rankchecker@seobook.com:1.7.2 removed from extensions.enabledItems
Prefs.js: goog@ind.net:2.4 removed from extensions.enabledItems
Prefs.js: firebug@software.joehewitt.com:1.5.4 removed from extensions.enabledItems
Prefs.js: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.0.5 removed from extensions.enabledItems
Prefs.js: webrank-toolbar@probcomp.com:2.1 removed from extensions.enabledItems
Prefs.js: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.6 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.5.0.145 removed from extensions.enabledItems
Prefs.js: {cdd4ec87-8e25-4b42-b8fb-484fdd6a2131}:0.22 removed from extensions.enabledItems
Prefs.js: savesession@noasobi.net:1.3.1.6 removed from extensions.enabledItems
Prefs.js: lintasnusa@gmail.com:1.2 removed from extensions.enabledItems
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\skin\classic\win folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\skin\classic\trace folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\skin\classic\mac folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\skin\classic\breakOn folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\skin\classic folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\skin folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\platform\Darwin folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\platform folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\zh-TW folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\zh-CN folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\vi-VN folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\uk-UA folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\tr-TR folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\sv-SE folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\sl-SI folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\sk-SK folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\ru-RU folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\ro-RO folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\pt-PT folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\pt-BR folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\pl-PL folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\nl-NL folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\ko-KR folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\ja-JP folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\it-IT folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\is-IS folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\hy-AM folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\hu-HU folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\hr-HR folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\fr-FR folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\fa-IR folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\es-ES folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\es-AR folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\en-US folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\el-GR folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\de-DE folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\da-DK folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\cs-CZ folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\ca-AD folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale\bg-BG folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\locale folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\lite folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\icons\default folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\icons folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\docs folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\defaults folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\content\firebug\tests folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\content\firebug\lib folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\content\firebug folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\content folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com\components folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\firebug@software.joehewitt.com folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\goog@ind.net\chrome folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\goog@ind.net folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\lintasnusa@gmail.com\chrome\skin folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\lintasnusa@gmail.com\chrome\content folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\lintasnusa@gmail.com\chrome folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\lintasnusa@gmail.com folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\rankchecker@seobook.com folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\defaults\preferences folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\defaults folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\skin folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\locale\zh-TW folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\locale\sv-SE folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\locale\ja folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\locale\it-IT folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\locale\es-ES folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\locale\de-DE folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\locale folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome\content folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net\chrome folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\savesession@noasobi.net folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\skin\rank folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\skin folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\META-INF folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\locale\zh-CN folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\locale\en-US folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\locale folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\defaults folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\content folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com\components folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@alexa.com folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-01-May-2010-21-38-27-GMT folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\toolbar@ask.com folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\webrank-toolbar@probcomp.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\webrank-toolbar@probcomp.com\defaults folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\webrank-toolbar@probcomp.com\chrome folder moved successfully.
C:\Documents and Settings\stream\Application Data\Mozilla\Firefox\Profiles\19pdxrg9.default\extensions\webrank-toolbar@probcomp.com folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1960408961-412668190-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1960408961-412668190-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShaPlus Bandwidth Meter deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1960408961-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Weather Clock deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0483894E-2422-45E0-8384-021AFF1AF3CD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe "\??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat, deleted successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\WINDOWS\002330_.tmp deleted successfully.
C:\WINDOWS\005791_.tmp deleted successfully.
C:\WINDOWS\NV26681276.TMP folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET3A59.tmp deleted successfully.
C:\WINDOWS\System32\SET3A65.tmp deleted successfully.
C:\WINDOWS\System32\setb0.tmp deleted successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP folder moved successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:61B95C7A .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:242231A9 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22 .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users
->Flash cache emptied: 38 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: stream
->Temp folder emptied: 26742068 bytes
->Temporary Internet Files folder emptied: 11831847 bytes
->Java cache emptied: 405860 bytes
->FireFox cache emptied: 101985141 bytes
->Google Chrome cache emptied: 6563494 bytes
->Opera cache emptied: 208146514 bytes
->Flash cache emptied: 4570 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81920 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112094 bytes
RecycleBin emptied: 152917939 bytes

Total Files Cleaned = 485.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: stream
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.4.1 log created on 05132010_153457

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_770.dat moved successfully.

Registry entries deleted on Reboot...

OK, ještě ten virustotal.

http://www.virustotal.com/cs/analisis/7 ... 1273762665

druhy soubor ma nulovou velikost > '0 bytes size received / Se ha recibido un archivo vacio'

Spusťte OTL a do spodního okna vložte následující skript. Poté klikněte na Opravit, PC se restartuje, log vložte sem.

========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Error: No service named ute3ntiz was found to stop!
Service\Driver key ute3ntiz not found.
File C:\WINDOWS\system32\drivers\ute3ntiz.sys not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.4.1 log created on 05132010_161241

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878