ComboFix 09-06-09.06 - David's 06/09/2009 22:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.466 [GMT -4:00]
Running from: c:\documents and settings\David's\Desktop\Combo-Fix.exe
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\David's\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\LocalService\Application Data\1301700638.exe
c:\documents and settings\LocalService\Application Data\1361538659.exe
c:\documents and settings\LocalService\Application Data\1458931097.exe
c:\documents and settings\LocalService\Application Data\755020800.exe
C:\install.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\admintxt.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\ak1.exe
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\avast!AVSControlService.exe
c:\windows\system32\bszip.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\175de1d7.sys
c:\windows\system32\drivers\286cf3af.sys
c:\windows\system32\drivers\4f2007a5.sys
c:\windows\system32\drivers\qmvha.sys
c:\windows\system32\inqby.sr
c:\windows\system32\jbnmcd.dll
c:\windows\system32\jbnmck.dll
c:\windows\system32\loader49.exe
c:\windows\system32\obipewak.ini
c:\windows\system32\ofuyibuy.ini
c:\windows\system32\sft.res
c:\windows\system32\uniq.tll
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 02:16 . 2009-06-10 02:17 99422 ----a-w- c:\windows\system32\drivers\52106874.sys
2009-06-10 01:23 . 2009-06-10 02:17 99422 ----a-w- c:\windows\system32\drivers\b30c2fcc.sys
2009-06-10 00:33 . 2009-06-10 00:33 -------- d-----w- c:\program files\NVT Malware Remover Tool
2009-06-09 22:25 . 2009-06-10 02:17 99422 ----a-w- c:\windows\system32\drivers\94ddfa21.sys
2009-06-09 22:22 . 2009-06-09 22:22 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-09 22:21 . 2009-06-09 22:21 -------- d-----w- c:\windows\system32\796525
2009-06-09 22:21 . 2009-06-09 22:21 -------- d-----w- c:\documents and settings\David's\Application Data\ptidle
2009-06-09 19:05 . 2009-06-09 22:21 -------- d-----w- c:\documents and settings\David's\Application Data\GetRightToGo
2009-06-09 02:46 . 2009-06-09 02:46 -------- d-----w- c:\program files\GlobalInfection
2009-06-06 16:37 . 2009-06-06 16:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-06 16:37 . 2009-06-09 22:15 -------- d-----w- c:\documents and settings\David's\Application Data\skypePM
2009-06-06 16:33 . 2009-06-10 02:17 -------- d-----w- c:\documents and settings\David's\Application Data\Skype
2009-06-06 16:33 . 2009-06-06 16:33 -------- d-----w- c:\program files\Common Files\Skype
2009-06-06 16:33 . 2009-06-06 16:33 -------- d-----r- c:\program files\Skype
2009-06-06 16:33 . 2009-06-06 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-06 16:17 . 2009-06-10 01:52 -------- d-----w- c:\documents and settings\David's\Local Settings\Application Data\TSVNCache
2009-06-06 16:17 . 2009-06-06 16:17 -------- d-----w- c:\documents and settings\David's\Application Data\TortoiseSVN
2009-06-06 16:14 . 2009-06-06 16:14 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-06-06 16:14 . 2009-06-06 16:14 -------- d-----w- c:\program files\TortoiseSVN
2009-06-04 18:40 . 2009-06-04 18:40 1332528 ----a-w- c:\documents and settings\David's\Application Data\WSS.exe
2009-06-04 01:34 . 2009-06-04 02:03 -------- d-----w- c:\documents and settings\David's\workspace
2009-06-02 22:55 . 2009-06-02 22:55 -------- d-----w- c:\program files\AutoIt3
2009-05-31 12:27 . 2009-05-27 21:46 779720 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PurpleBean.exe
2009-05-31 12:26 . 2009-05-26 21:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-31 12:26 . 2009-05-13 00:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-25 15:35 . 2009-05-25 15:39 -------- d-----w- c:\program files\Incomplete
2009-05-24 02:55 . 2009-05-24 02:56 -------- d-----w- c:\documents and settings\David's\Local Settings\Application Data\Google
2009-05-21 22:28 . 2009-05-21 22:28 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-05-21 01:39 . 2009-03-22 01:39 32 ----a-r- c:\documents and settings\All Users\hash.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 22:21 . 2006-04-07 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 07:59 . 2009-02-16 22:58 -------- d-----w- c:\documents and settings\David's\Application Data\TeamViewer
2009-06-04 18:31 . 2009-02-24 20:43 -------- d-----w- c:\program files\WeGame
2009-05-31 12:27 . 2009-03-02 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IJJIGame
2009-05-31 03:56 . 2009-03-02 02:45 -------- d-----w- c:\program files\DriftCity
2009-05-25 15:39 . 2008-09-23 19:07 -------- d-----w- c:\documents and settings\David's\Application Data\LimeWire
2009-05-25 15:35 . 2008-09-23 19:07 -------- d-----w- c:\program files\LimeWire
2009-05-02 13:55 . 2009-01-12 19:20 599560 ----a-w- c:\documents and settings\David's\Application Data\HiYo\Data\hiyo_install.exe
2009-05-02 13:55 . 2008-09-29 22:08 -------- d-----w- c:\program files\MSN Messenger
2009-04-20 01:33 . 2009-04-20 01:33 -------- d-----w- c:\program files\Trend Micro
2009-04-20 01:17 . 2009-04-20 01:17 118784 ----a-w- c:\windows\system32\sgc315j0e19g.dll
2009-04-20 01:17 . 2009-04-20 01:17 80191 ----a-w- c:\windows\system32\qgc715j0e19g .exe
2009-04-20 00:57 . 2009-04-20 00:56 -------- d-----w- c:\program files\iTunes
2009-04-20 00:57 . 2009-04-20 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-20 00:57 . 2009-04-20 00:57 -------- d-----w- c:\program files\iPod
2009-04-20 00:57 . 2009-03-17 23:03 -------- d-----w- c:\program files\Common Files\Apple
2009-04-20 00:51 . 2009-04-20 00:51 -------- d-----w- c:\documents and settings\David's\Application Data\AVS4YOU
2009-04-20 00:51 . 2009-04-20 00:51 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-20 00:50 . 2009-04-20 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-20 00:49 . 2009-04-20 00:46 -------- d-----w- c:\program files\AVS4YOU
2009-04-20 00:49 . 2009-04-20 00:48 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-04-06 19:32 . 2006-04-07 21:59 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2006-04-07 21:59 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-28 11:48 . 2008-11-20 21:31 34 ----a-w- c:\documents and settings\David's\jagex_runescape_preferences.dat
2009-03-28 00:54 . 2009-03-28 00:54 45056 ----a-r- c:\documents and settings\David's\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-03-28 00:54 . 2009-03-28 00:54 45056 ----a-r- c:\documents and settings\David's\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-03-28 00:54 . 2009-03-28 00:54 10134 ----a-r- c:\documents and settings\David's\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 20:24 . 2009-03-17 20:24 966808 ----a-w- c:\documents and settings\David's\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000004.exe
2006-04-07 23:28 . 2006-04-07 23:28 308 ----a-w- c:\program files\pkpwbdro.txt
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-09-23 00:55 . 2008-09-23 00:55 8 --sh--r- c:\windows\system32\96E69B85F0.sys
2009-02-14 21:18 . 2009-02-14 20:54 80 --sh--r- c:\windows\system32\F0859BE696.dll
2008-10-08 02:12 . 2008-10-08 02:12 56 --sh--r- c:\windows\system32\F0859BE696.sys
2006-04-01 00:34 . 2006-01-01 00:34 86528 --sha-w- c:\windows\system32\kenayiba.dll
2008-10-08 02:12 . 2008-09-23 00:55 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2006-03-31 04:01 . 1601-01-01 00:12 51712 --sha-w- c:\windows\system32\kozibala.exe
2006-04-07 12:47 . 2006-01-07 12:47 51712 --sha-w- c:\windows\system32\tepeliju.exe
2006-04-07 12:47 . 2006-01-07 12:47 86528 --sha-w- c:\windows\system32\vuhodoji.dll
.
------- Sigcheck -------
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
[-] 2006-04-01 16:00 212224 D100A615E6F577B399061320A682A037 c:\windows\system32\dllcache\ndis.sys
[-] 2006-04-01 16:00 212224 D100A615E6F577B399061320A682A037 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.466 [GMT -4:00]
Running from: c:\documents and settings\David's\Desktop\Combo-Fix.exe
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\David's\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\LocalService\Application Data\1301700638.exe
c:\documents and settings\LocalService\Application Data\1361538659.exe
c:\documents and settings\LocalService\Application Data\1458931097.exe
c:\documents and settings\LocalService\Application Data\755020800.exe
C:\install.exe
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\admintxt.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\ak1.exe
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\avast!AVSControlService.exe
c:\windows\system32\bszip.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\175de1d7.sys
c:\windows\system32\drivers\286cf3af.sys
c:\windows\system32\drivers\4f2007a5.sys
c:\windows\system32\drivers\qmvha.sys
c:\windows\system32\inqby.sr
c:\windows\system32\jbnmcd.dll
c:\windows\system32\jbnmck.dll
c:\windows\system32\loader49.exe
c:\windows\system32\obipewak.ini
c:\windows\system32\ofuyibuy.ini
c:\windows\system32\sft.res
c:\windows\system32\uniq.tll
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AVAST!ANTIVIRUS
-------\Service_avast!Antivirus
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 02:16 . 2009-06-10 02:17 99422 ----a-w- c:\windows\system32\drivers\52106874.sys
2009-06-10 01:23 . 2009-06-10 02:17 99422 ----a-w- c:\windows\system32\drivers\b30c2fcc.sys
2009-06-10 00:33 . 2009-06-10 00:33 -------- d-----w- c:\program files\NVT Malware Remover Tool
2009-06-09 22:25 . 2009-06-10 02:17 99422 ----a-w- c:\windows\system32\drivers\94ddfa21.sys
2009-06-09 22:22 . 2009-06-09 22:22 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-09 22:21 . 2009-06-09 22:21 -------- d-----w- c:\windows\system32\796525
2009-06-09 22:21 . 2009-06-09 22:21 -------- d-----w- c:\documents and settings\David's\Application Data\ptidle
2009-06-09 19:05 . 2009-06-09 22:21 -------- d-----w- c:\documents and settings\David's\Application Data\GetRightToGo
2009-06-09 02:46 . 2009-06-09 02:46 -------- d-----w- c:\program files\GlobalInfection
2009-06-06 16:37 . 2009-06-06 16:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-06 16:37 . 2009-06-09 22:15 -------- d-----w- c:\documents and settings\David's\Application Data\skypePM
2009-06-06 16:33 . 2009-06-10 02:17 -------- d-----w- c:\documents and settings\David's\Application Data\Skype
2009-06-06 16:33 . 2009-06-06 16:33 -------- d-----w- c:\program files\Common Files\Skype
2009-06-06 16:33 . 2009-06-06 16:33 -------- d-----r- c:\program files\Skype
2009-06-06 16:33 . 2009-06-06 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-06 16:17 . 2009-06-10 01:52 -------- d-----w- c:\documents and settings\David's\Local Settings\Application Data\TSVNCache
2009-06-06 16:17 . 2009-06-06 16:17 -------- d-----w- c:\documents and settings\David's\Application Data\TortoiseSVN
2009-06-06 16:14 . 2009-06-06 16:14 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-06-06 16:14 . 2009-06-06 16:14 -------- d-----w- c:\program files\TortoiseSVN
2009-06-04 18:40 . 2009-06-04 18:40 1332528 ----a-w- c:\documents and settings\David's\Application Data\WSS.exe
2009-06-04 01:34 . 2009-06-04 02:03 -------- d-----w- c:\documents and settings\David's\workspace
2009-06-02 22:55 . 2009-06-02 22:55 -------- d-----w- c:\program files\AutoIt3
2009-05-31 12:27 . 2009-05-27 21:46 779720 ----a-w- c:\documents and settings\All Users\Application Data\IJJIGame\PurpleBean.exe
2009-05-31 12:26 . 2009-05-26 21:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-31 12:26 . 2009-05-13 00:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-25 15:35 . 2009-05-25 15:39 -------- d-----w- c:\program files\Incomplete
2009-05-24 02:55 . 2009-05-24 02:56 -------- d-----w- c:\documents and settings\David's\Local Settings\Application Data\Google
2009-05-21 22:28 . 2009-05-21 22:28 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-05-21 01:39 . 2009-03-22 01:39 32 ----a-r- c:\documents and settings\All Users\hash.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 22:21 . 2006-04-07 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 07:59 . 2009-02-16 22:58 -------- d-----w- c:\documents and settings\David's\Application Data\TeamViewer
2009-06-04 18:31 . 2009-02-24 20:43 -------- d-----w- c:\program files\WeGame
2009-05-31 12:27 . 2009-03-02 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IJJIGame
2009-05-31 03:56 . 2009-03-02 02:45 -------- d-----w- c:\program files\DriftCity
2009-05-25 15:39 . 2008-09-23 19:07 -------- d-----w- c:\documents and settings\David's\Application Data\LimeWire
2009-05-25 15:35 . 2008-09-23 19:07 -------- d-----w- c:\program files\LimeWire
2009-05-02 13:55 . 2009-01-12 19:20 599560 ----a-w- c:\documents and settings\David's\Application Data\HiYo\Data\hiyo_install.exe
2009-05-02 13:55 . 2008-09-29 22:08 -------- d-----w- c:\program files\MSN Messenger
2009-04-20 01:33 . 2009-04-20 01:33 -------- d-----w- c:\program files\Trend Micro
2009-04-20 01:17 . 2009-04-20 01:17 118784 ----a-w- c:\windows\system32\sgc315j0e19g.dll
2009-04-20 01:17 . 2009-04-20 01:17 80191 ----a-w- c:\windows\system32\qgc715j0e19g .exe
2009-04-20 00:57 . 2009-04-20 00:56 -------- d-----w- c:\program files\iTunes
2009-04-20 00:57 . 2009-04-20 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-20 00:57 . 2009-04-20 00:57 -------- d-----w- c:\program files\iPod
2009-04-20 00:57 . 2009-03-17 23:03 -------- d-----w- c:\program files\Common Files\Apple
2009-04-20 00:51 . 2009-04-20 00:51 -------- d-----w- c:\documents and settings\David's\Application Data\AVS4YOU
2009-04-20 00:51 . 2009-04-20 00:51 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-20 00:50 . 2009-04-20 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-20 00:49 . 2009-04-20 00:46 -------- d-----w- c:\program files\AVS4YOU
2009-04-20 00:49 . 2009-04-20 00:48 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-04-06 19:32 . 2006-04-07 21:59 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2006-04-07 21:59 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-28 11:48 . 2008-11-20 21:31 34 ----a-w- c:\documents and settings\David's\jagex_runescape_preferences.dat
2009-03-28 00:54 . 2009-03-28 00:54 45056 ----a-r- c:\documents and settings\David's\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-03-28 00:54 . 2009-03-28 00:54 45056 ----a-r- c:\documents and settings\David's\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-03-28 00:54 . 2009-03-28 00:54 10134 ----a-r- c:\documents and settings\David's\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 20:24 . 2009-03-17 20:24 966808 ----a-w- c:\documents and settings\David's\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000004.exe
2006-04-07 23:28 . 2006-04-07 23:28 308 ----a-w- c:\program files\pkpwbdro.txt
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-09-23 00:55 . 2008-09-23 00:55 8 --sh--r- c:\windows\system32\96E69B85F0.sys
2009-02-14 21:18 . 2009-02-14 20:54 80 --sh--r- c:\windows\system32\F0859BE696.dll
2008-10-08 02:12 . 2008-10-08 02:12 56 --sh--r- c:\windows\system32\F0859BE696.sys
2006-04-01 00:34 . 2006-01-01 00:34 86528 --sha-w- c:\windows\system32\kenayiba.dll
2008-10-08 02:12 . 2008-09-23 00:55 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2006-03-31 04:01 . 1601-01-01 00:12 51712 --sha-w- c:\windows\system32\kozibala.exe
2006-04-07 12:47 . 2006-01-07 12:47 51712 --sha-w- c:\windows\system32\tepeliju.exe
2006-04-07 12:47 . 2006-01-07 12:47 86528 --sha-w- c:\windows\system32\vuhodoji.dll
.
------- Sigcheck -------
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
[-] 2006-04-01 16:00 212224 D100A615E6F577B399061320A682A037 c:\windows\system32\dllcache\ndis.sys
[-] 2006-04-01 16:00 212224 D100A615E6F577B399061320A682A037 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 13:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll