Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Malware / Trojan on Laptop


  • This topic is locked This topic is locked
10 replies to this topic

#1 jfriel

jfriel

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 11 August 2009 - 11:47 AM

I am trying to clean up / improve performance on my brothers laptop for him as its loaded with lots of unused programs / files etc and whilst using it i get the impression that there is something running that is taking up system resources that shouldnt be there. I have ran a couple of virus scans using AVG / MalwareBytes etc but nothing has been found. I'd appreciate any help to get the laptop fully scannes and tested for malware / trojans.

DDS LOG


DDS (Ver_09-07-30.01) - NTFSx86
Run by john at 17:33:50.76 on 11/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1290 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Documents and Settings\john\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {5776A2BC-D803-47F6-9DC0-8344DB8D604C} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\partygaming\partycasino\RunApp.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\john\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/en/10/install/gtdownde.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5200/mcfscan.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\cpzdm4p0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-4 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-4 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-4 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-23 298776]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-3-2 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-3-2 36608]
S2 gupdate1c9ff3b80ed74ee;Google Update Service (gupdate1c9ff3b80ed74ee);c:\program files\google\update\GoogleUpdate.exe [2009-7-7 133104]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================


==================== Find3M ====================

2009-07-19 14:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 14:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-18 12:56 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 12:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 12:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 09:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 09:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 09:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-23 12:54 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-23 11:53 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 20:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2007-12-02 20:14 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-07-04 15:15 49,498 a------- c:\program files\popcorn Terms.html
2008-09-10 18:17 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091020080911\index.dat

============= FINISH: 17:34:51.17 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:47 AM

Posted 23 August 2009 - 06:07 AM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here
.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay
.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 jfriel

jfriel
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 23 August 2009 - 04:02 PM

Thanks for getting back to me. I am not sure exactly what the problem is - system is running slower than it should be and something seems to be resource hogging. Scan results are posted below.

DDS.TXT RESULTS


DDS (Ver_09-07-30.01) - NTFSx86
Run by john at 21:38:57.15 on 23/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1300 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\john\Desktop\MALWARE FIX\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {5776A2BC-D803-47F6-9DC0-8344DB8D604C} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [NPSStartup]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DVDTray] c:\program files\ahead\odd toolkit\DVDTray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\partygaming\partycasino\RunApp.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\john\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/en/10/install/gtdownde.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5200/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\cpzdm4p0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-20 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-20 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-20 298776]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-3-2 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-3-2 36608]
S2 gupdate1c9ff3b80ed74ee;Google Update Service (gupdate1c9ff3b80ed74ee);c:\program files\google\update\GoogleUpdate.exe [2009-7-7 133104]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2009-08-21 01:20 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-08-21 01:20 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-08-21 01:20 102,912 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-08-21 01:18 81,920 -------- c:\windows\system32\ieencode.dll
2009-08-21 01:05 19,569 a------- c:\windows\003377_.tmp
2009-08-21 00:16 <DIR> --dsh--- c:\documents and settings\john\PrivacIE
2009-08-20 17:01 730,112 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-08-20 17:01 301,568 -c------ c:\windows\system32\dllcache\kerberos.dll
2009-08-20 17:01 147,456 -c------ c:\windows\system32\dllcache\schannel.dll
2009-08-20 17:01 136,192 -c------ c:\windows\system32\dllcache\msv1_0.dll
2009-08-20 17:01 92,928 -c------ c:\windows\system32\dllcache\ksecdd.sys
2009-08-20 17:01 56,832 -c------ c:\windows\system32\dllcache\secur32.dll
2009-08-20 17:01 54,272 -c------ c:\windows\system32\dllcache\wdigest.dll
2009-08-20 13:43 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-08-20 13:43 80,896 -c------ c:\windows\system32\dllcache\tlntsess.exe
2009-08-20 13:42 76,288 -c------ c:\windows\system32\dllcache\telnet.exe
2009-08-20 13:42 132,096 -c------ c:\windows\system32\dllcache\wkssvc.dll
2009-08-20 13:42 84,992 -c------ c:\windows\system32\dllcache\avifil32.dll
2009-08-20 13:39 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-08-20 13:39 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-08-20 13:39 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-08-20 13:39 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-08-20 13:39 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-08-20 13:39 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-08-20 13:39 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-08-20 13:39 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-20 13:39 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-20 13:39 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-20 13:39 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-20 13:35 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-08-20 13:35 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-20 13:24 <DIR> --d----- c:\program files\CleanUp!
2009-08-20 13:24 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-08-20 13:23 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-08-20 13:22 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-08-20 13:22 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-08-20 13:20 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-20 13:20 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-20 13:20 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-20 13:20 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-20 13:20 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-20 13:20 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-20 13:20 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-20 13:20 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-08-20 11:25 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-20 11:25 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-20 11:25 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 11:25 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-20 11:25 <DIR> --d----- c:\docume~1\john\applic~1\AVGTOOLBAR
2009-08-20 11:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-20 00:59 2,145,386,496 a------- c:\windows\MEMORY.DMP
2009-08-20 00:32 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-08-20 00:31 7,680 ac------ c:\windows\system32\dllcache\ftpctrs2.dll
2009-08-20 00:30 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-08-20 00:30 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-08-20 00:30 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-08-20 00:30 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-08-20 00:30 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-08-20 00:30 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-08-20 00:30 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-08-20 00:28 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-08-20 00:28 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-08-20 00:28 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-08-20 00:28 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-08-20 00:28 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-08-20 00:28 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-08-20 00:13 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-08-20 00:13 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-08-20 00:13 24,661 a------- c:\windows\system32\spxcoins.dll
2009-08-20 00:13 13,312 a------- c:\windows\system32\irclass.dll
2009-08-20 00:13 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-08-20 00:13 37,484 ac------ c:\windows\system32\dllcache\MW770.CAT
2009-08-20 00:13 13,472 ac------ c:\windows\system32\dllcache\HPCRDP.CAT
2009-08-20 00:13 8,574 ac------ c:\windows\system32\dllcache\IASNT4.CAT
2009-08-20 00:13 7,382 ac------ c:\windows\system32\dllcache\OEMBIOS.CAT
2009-08-20 00:13 1,042,903 ac------ c:\windows\system32\dllcache\SP2.CAT
2009-08-20 00:13 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-08-19 11:13 202,776 ac------ c:\windows\system32\dllcache\wuweb.dll
2009-08-19 11:13 34,328 ac------ c:\windows\system32\dllcache\wups.dll
2009-08-19 11:13 323,608 ac------ c:\windows\system32\dllcache\wucltui.dll
2009-08-19 11:12 1,809,944 ac------ c:\windows\system32\dllcache\wuaueng.dll
2009-08-19 11:12 213,528 ac------ c:\windows\system32\dllcache\wuaucpl.cpl
2009-08-19 11:12 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-08-19 11:12 51,224 ac------ c:\windows\system32\dllcache\wuauclt.exe
2009-08-19 11:12 561,688 ac------ c:\windows\system32\dllcache\wuapi.dll
2009-08-18 20:47 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-18 20:47 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-08-18 20:44 65,832 a------- c:\windows\Santa Fe Stucco.bmp
2009-08-18 20:44 26,680 a------- c:\windows\River Sumida.bmp
2009-08-18 20:44 17,362 a------- c:\windows\Rhododendron.bmp
2009-08-18 20:44 65,954 a------- c:\windows\Prairie Wind.bmp
2009-08-18 20:44 26,582 a------- c:\windows\Greenstone.bmp
2009-08-18 20:01 4,161 a------- c:\windows\ODBCINST.INI
2009-08-18 20:01 <DIR> --d----- c:\program files\common files\ODBC
2009-08-18 20:01 7,334 ac------ c:\windows\system32\dllcache\wmerrenu.cat
2009-08-18 19:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-08-18 19:13 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-08-18 19:13 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-08-18 18:31 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-08-18 18:31 <DIR> --d----- c:\docume~1\john\applic~1\DAEMON Tools Lite
2009-08-18 17:57 32,256 a------- C:\wpabaln.exe
2009-08-18 17:57 2,206 a------- C:\wpa.dbl
2009-08-16 23:37 <DIR> --dsh--- c:\documents and settings\john\IETldCache
2009-08-16 00:35 <DIR> --d----- C:\b457639b1513fb1dd096809380
2009-08-16 00:28 <DIR> --d----- C:\d71a8b3eefcd80401541f22a68127291
2009-08-16 00:28 <DIR> --d----- C:\cf686f7e82859fb5860ae4bded1eca8b
2009-08-16 00:25 <DIR> --d----- c:\windows\ie8updates
2009-08-16 00:20 <DIR> -cd-h--- c:\windows\ie8
2009-08-11 15:00 <DIR> --d----- c:\program files\Trend Micro
2009-08-10 14:56 <DIR> --d----- C:\pra
2009-08-07 10:51 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-01 17:50 40 a------- c:\windows\ujf635.bin
2009-08-01 17:48 266,088 a------- c:\windows\system32\xactengine2_8.dll
2009-08-01 17:43 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-01 17:42 <DIR> --d----- c:\windows\Logs
2009-08-01 17:41 <DIR> --d----- c:\program files\Betfair
2009-07-29 05:37 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-07-29 05:37 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll
2009-07-28 19:07 <DIR> --d----- c:\docume~1\john\applic~1\EasyChat
2009-07-28 19:06 <DIR> --d----- c:\program files\EasyChat

==================== Find3M ====================

2009-08-20 00:26 23,412 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 05:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 05:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 19:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 19:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 19:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 19:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 19:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 19:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 19:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 19:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 19:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 19:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 19:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 19:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 19:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-23 12:54 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-22 12:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 12:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 12:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-12 13:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 15:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2007-12-02 20:14 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-07-04 15:15 49,498 a------- c:\program files\popcorn Terms.html

============= FINISH: 21:42:16.50 ===============

Attached Files



#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:47 PM

Posted 27 August 2009 - 02:36 PM

Hello jfriel,

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Before you do any of the next step you need to temporarily disable the TeaTimer protection in spybot, as it may
stop the tools we use from doing their job. Please keep it disabled whilst I am helping you then you can enable it again
when your clean.

To disable Teatimer, open Spybot and click on the Mode tab and select Advanced mode.
It will ask you if your sure you want to go into advanced mode, select yes.
Now go to tools and click on the resident tab.
Uncheck the box that says "Resident "TeaTimer" (Protection of over-all system settings) active".
Then close Spybot and reboot your computer.

Next

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Symantec or AVG.

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Reamove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Next
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click Posted Image on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Posted Image
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.
Then please post back here with the following:
  • OTListIt.txt
  • Extra.txt
  • RootRepeal.txt
Thanks

unite.jpg


#5 jfriel

jfriel
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 27 August 2009 - 04:55 PM

Hi Syler

OK - i know that both AVG and Symantec End Point are showing up in the logs but it only seems that AVG is installed - i can't find Symantec in Add/Remove Programs.

Here are the logs of the scans run.


OTListIt.txt
OTL logfile created on: 27/08/2009 22:28:32 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\john\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.10% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.84% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.78 Gb Total Space | 4.23 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MALS-LAPTOP
Current User Name: john
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2003/02/25 06:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/02/25 06:50:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/20 12:48:53 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/10/09 17:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/11/30 01:35:45 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PRC - [2008/12/13 18:15:26 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
PRC - [2005/06/21 00:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/08/20 12:48:51 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/20 12:49:03 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/20 12:48:55 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2004/09/07 16:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
PRC - [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/08/20 12:49:03 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/05/12 21:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2004/09/07 16:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/10/30 14:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2004/08/19 14:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/01/27 18:16:58 | 00,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2007/10/09 17:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/09/03 09:58:48 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
PRC - [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/15 01:01:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2009/08/20 12:48:59 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/27 22:23:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/27 22:23:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/27 22:26:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/08/20 12:48:51 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/20 12:48:53 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2007/10/09 17:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/11/30 01:35:45 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/13 18:15:26 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService [Auto | Running])
SRV - [2009/07/07 20:45:12 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ff3b80ed74ee [Auto | Stopped])
SRV - [2009/08/21 11:22:21 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2003/02/25 06:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2005/06/21 00:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2008/08/07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/08/27 22:23:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/02/04 14:20:50 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2004/08/04 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/14 00:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2004/11/16 16:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2004/06/30 09:39:36 | 00,016,128 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys -- (Appdrv [On_Demand | Running])
DRV - [2004/08/04 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005/05/13 02:46:20 | 01,132,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/08/20 12:49:03 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/20 12:49:03 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/20 12:48:58 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2004/05/26 20:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2005/11/30 01:35:47 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS -- (CdaC15BA [Auto | Running])
DRV - [2004/08/04 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/06/17 20:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2004/06/17 20:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/08/12 08:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iwca.sys -- (IWCA [On_Demand | Running])
DRV - [2004/03/17 18:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/04 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/05/07 07:38:20 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/05/07 07:38:20 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/02/13 16:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2007/09/17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/01/09 12:18:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2004/08/31 08:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/14 00:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/08/18 18:31:52 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Stopped])
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2008/02/22 16:33:00 | 00,087,936 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2008/02/22 16:33:02 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2008/02/22 16:33:02 | 00,114,304 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2005/03/10 16:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2004/08/04 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2004/08/04 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/06/06 09:24:44 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/02/18 11:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/14 00:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/05/07 07:38:36 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2004/10/21 20:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2004/06/17 20:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2008/12/13 18:15:26 | 00,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.SYS -- (FsUsbExDisk [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1



IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\S-1-5-21-1705597141-3943613990-1634738062-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.014.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/20 13:13:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/20 13:13:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/27 22:23:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/11 15:32:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/21 17:07:36 | 00,000,000 | ---D | M]

[2009/07/09 02:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Extensions
[2009/06/23 22:09:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/09 02:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/08/27 12:13:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Firefox\Profiles\cpzdm4p0.default\extensions
[2009/08/07 10:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Firefox\Profiles\cpzdm4p0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2009/08/07 10:49:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Firefox\Profiles\cpzdm4p0.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}(2)
[2006/01/28 18:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Firefox\Profiles\cpzdm4p0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/08/27 22:24:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/17 00:25:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/08 21:49:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/02 20:11:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/02/05 14:22:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/27 22:24:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/08 21:48:28 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/08 21:48:29 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/08/27 22:23:44 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/08 21:48:45 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/23 12:54:22 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/07 13:48:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/23 12:54:46 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/06/23 12:54:11 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/08 21:48:49 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/08 21:48:49 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/20 13:19:03 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/08 21:48:49 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/08 21:48:49 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/08 21:48:49 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/08 21:48:49 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/08 21:48:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/08 21:48:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (292138 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10060 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\john\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://ebanking.northernbank.co.uk/html/ac...B/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/en/10/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...200/mcfscan.cab (McFreeScan Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/08/27 22:27:47 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\john\Desktop\RootRepeal.zip
[2009/08/27 22:25:52 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe
[2009/08/27 22:24:04 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/27 22:24:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/27 22:24:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/27 22:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/27 22:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/08/27 22:15:15 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/08/27 22:15:00 | 00,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\msicuu2.exe
[2009/08/27 22:03:32 | 21,468,93824 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/27 22:01:11 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\jre-6u16-windows-i586.exe
[2009/08/27 21:17:50 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\john\Desktop\jre-6u16-windows-i586.exe
[2009/08/27 21:03:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Local Settings\Application Data\Temp
[2009/08/24 23:55:07 | 04,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\john\Desktop\everesthome220.exe
[2009/08/24 22:39:27 | 04,675,584 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\john\Desktop\R99254.EXE
[2009/08/24 22:25:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Local Settings\Application Data\Deployment
[2009/08/21 23:35:31 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\john\Desktop\JOHN FRIEL ADDRESS.doc
[2009/08/21 13:58:04 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/21 13:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2009/08/21 13:53:50 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/08/21 13:53:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/08/21 09:52:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/21 01:20:31 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/08/21 01:20:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/08/21 01:20:29 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2009/08/21 01:18:51 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/08/21 01:01:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/08/20 17:01:00 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/08/20 17:01:00 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2009/08/20 17:01:00 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2009/08/20 17:01:00 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2009/08/20 17:01:00 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2009/08/20 17:01:00 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2009/08/20 17:01:00 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2009/08/20 15:38:47 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2009/08/20 15:38:45 | 01,257,417 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe.part
[2009/08/20 14:59:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Desktop\MALWARE FIX
[2009/08/20 14:32:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Desktop\Sharking
[2009/08/20 13:43:45 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/08/20 13:43:00 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2009/08/20 13:42:59 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2009/08/20 13:42:09 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2009/08/20 13:42:05 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/08/20 13:39:46 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/08/20 13:39:45 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/08/20 13:39:45 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/08/20 13:39:45 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/08/20 13:39:45 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/08/20 13:39:44 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/08/20 13:39:44 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/08/20 13:39:44 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/08/20 13:39:43 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/08/20 13:39:42 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/08/20 13:39:40 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/08/20 13:35:28 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/08/20 13:35:09 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/08/20 13:24:57 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/08/20 13:24:44 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/08/20 13:23:52 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/08/20 13:22:37 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/20 13:22:06 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/08/20 13:20:32 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/08/20 13:20:22 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/20 13:20:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/08/20 13:20:11 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/08/20 13:20:11 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/08/20 13:20:11 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/08/20 13:20:10 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/08/20 13:20:09 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/08/20 11:25:25 | 40,201,187 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/20 11:25:25 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/20 11:25:25 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/20 11:25:25 | 00,069,073 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/20 11:25:25 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/20 11:25:25 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/20 11:25:23 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/20 11:25:23 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/20 11:25:22 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/20 11:25:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/20 11:25:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Application Data\AVGTOOLBAR
[2009/08/20 11:24:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/20 00:59:01 | 21,453,86496 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2009/08/20 00:33:46 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/08/20 00:33:46 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/08/20 00:33:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/08/20 00:33:44 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/08/20 00:33:44 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/08/20 00:33:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/08/20 00:33:44 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/08/20 00:33:38 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/08/20 00:33:36 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/08/20 00:33:35 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/08/20 00:33:35 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/08/20 00:33:35 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/08/20 00:33:34 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/08/20 00:33:34 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/08/20 00:33:34 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/08/20 00:33:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/08/20 00:33:29 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/08/20 00:33:27 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/08/20 00:33:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/08/20 00:33:25 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/08/20 00:33:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/08/20 00:33:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/08/20 00:33:24 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/08/20 00:33:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/08/20 00:33:23 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/08/20 00:33:23 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/08/20 00:33:23 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/08/20 00:33:23 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/08/20 00:33:23 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/08/20 00:33:23 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/08/20 00:33:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/08/20 00:33:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/08/20 00:33:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/08/20 00:33:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/08/20 00:33:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/08/20 00:33:22 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/08/20 00:33:22 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/08/20 00:33:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/08/20 00:33:15 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/08/20 00:33:13 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/08/20 00:33:13 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/08/20 00:33:11 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/08/20 00:33:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/08/20 00:33:09 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/08/20 00:33:09 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/08/20 00:33:05 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/08/20 00:33:05 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/08/20 00:33:04 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/08/20 00:33:04 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/08/20 00:33:04 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/08/20 00:33:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/08/20 00:33:03 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/08/20 00:33:02 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/08/20 00:32:55 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/08/20 00:32:53 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/08/20 00:32:32 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/08/20 00:32:32 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/08/20 00:32:32 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/08/20 00:32:30 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/08/20 00:32:28 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/08/20 00:32:22 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/08/20 00:32:22 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/08/20 00:32:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/08/20 00:32:19 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/08/20 00:32:17 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/08/20 00:32:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/08/20 00:32:15 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/08/20 00:32:14 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/08/20 00:32:14 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/08/20 00:32:02 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/08/20 00:31:53 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/08/20 00:31:52 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/08/20 00:31:51 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/08/20 00:31:50 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/08/20 00:31:49 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/08/20 00:31:49 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/08/20 00:31:49 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/08/20 00:31:34 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/08/20 00:31:34 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/08/20 00:31:34 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/08/20 00:31:34 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/08/20 00:31:31 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/08/20 00:31:31 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/08/20 00:31:31 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/08/20 00:31:30 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/08/20 00:31:30 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/08/20 00:31:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/08/20 00:31:29 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/08/20 00:31:29 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/08/20 00:31:29 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/08/20 00:31:28 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/08/20 00:31:28 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/08/20 00:31:26 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/08/20 00:31:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/08/20 00:31:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/08/20 00:31:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/08/20 00:31:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/08/20 00:31:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/08/20 00:31:23 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/08/20 00:31:23 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/08/20 00:31:23 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/08/20 00:31:22 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/08/20 00:31:22 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/08/20 00:31:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/08/20 00:31:19 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/08/20 00:31:17 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/08/20 00:31:15 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/08/20 00:31:15 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/08/20 00:31:14 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/08/20 00:31:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/08/20 00:31:10 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/08/20 00:31:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/08/20 00:31:03 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/08/20 00:30:51 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/08/20 00:30:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/08/20 00:30:51 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/08/20 00:30:50 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/08/20 00:30:50 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/08/20 00:30:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/08/20 00:30:46 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/08/20 00:28:11 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/20 00:13:21 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/08/20 00:13:21 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/08/20 00:13:21 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/08/20 00:13:21 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/08/20 00:13:04 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/08/20 00:13:04 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/08/20 00:13:04 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/08/20 00:13:04 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/08/20 00:13:04 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/08/20 00:13:03 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/08/20 00:13:03 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/08/19 11:13:07 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2009/08/19 11:13:07 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2009/08/19 11:13:06 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/08/19 11:13:06 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2009/08/19 11:13:04 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/08/19 11:13:04 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2009/08/19 11:12:56 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2009/08/19 11:12:56 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2009/08/19 11:12:47 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009/08/19 11:12:47 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2009/08/19 11:12:42 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2009/08/19 11:12:42 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2009/08/19 11:12:36 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/08/19 11:12:36 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2009/08/18 20:47:24 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/08/18 20:47:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/08/18 20:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/08/18 20:44:26 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/08/18 20:44:26 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/08/18 20:44:26 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/08/18 20:44:25 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/08/18 20:44:25 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/08/18 20:01:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/08/18 20:01:15 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/08/18 19:13:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/18 19:13:40 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/08/18 19:13:35 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/08/18 18:31:51 | 00,721,904 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/18 18:31:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Application Data\DAEMON Tools Lite
[2009/08/18 17:57:53 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\wpabaln.exe
[2009/08/18 17:57:53 | 00,002,206 | ---- | C] () -- C:\wpa.dbl
[2009/08/16 00:35:39 | 00,000,000 | ---D | C] -- C:\b457639b1513fb1dd096809380
[2009/08/16 00:28:52 | 00,000,000 | ---D | C] -- C:\d71a8b3eefcd80401541f22a68127291
[2009/08/16 00:28:42 | 00,000,000 | ---D | C] -- C:\cf686f7e82859fb5860ae4bded1eca8b
[2009/08/16 00:25:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/16 00:20:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/13 13:09:47 | 02,247,086 | ---- | C] () -- C:\Documents and Settings\john\Desktop\P7030026.jpg
[2009/08/12 17:16:40 | 00,048,051 | ---- | C] () -- C:\Documents and Settings\john\Desktop\cgaels-english-crest.gif
[2009/08/12 17:16:31 | 00,048,198 | ---- | C] () -- C:\Documents and Settings\john\Desktop\stmarys-crest-bearla.gif
[2009/08/11 15:00:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/10 14:56:12 | 00,000,000 | ---D | C] -- C:\pra
[2009/08/09 02:29:17 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paddy Power Poker.lnk
[2009/08/06 16:43:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/01 17:50:11 | 00,000,040 | ---- | C] () -- C:\WINDOWS\ujf635.bin
[2009/08/01 17:49:54 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/08/01 17:49:54 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/08/01 17:49:52 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/08/01 17:49:49 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/08/01 17:49:49 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/08/01 17:49:48 | 00,235,352 | ---- | C] () -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/08/01 17:49:47 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/08/01 17:49:44 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/08/01 17:49:44 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/08/01 17:49:42 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/08/01 17:49:40 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/08/01 17:49:39 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/08/01 17:49:38 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/08/01 17:49:36 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/08/01 17:49:35 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/08/01 17:49:35 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/08/01 17:49:34 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/08/01 17:49:32 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/08/01 17:49:32 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/08/01 17:49:31 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/08/01 17:49:28 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/08/01 17:49:28 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/08/01 17:49:27 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/08/01 17:49:25 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/08/01 17:49:24 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/08/01 17:49:24 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/08/01 17:49:22 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/08/01 17:49:20 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/08/01 17:49:17 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/08/01 17:49:16 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/08/01 17:49:14 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/08/01 17:49:14 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/08/01 17:49:13 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/08/01 17:49:11 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/08/01 17:49:08 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/08/01 17:49:08 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/08/01 17:49:07 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/08/01 17:49:05 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/08/01 17:49:03 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/08/01 17:49:03 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/08/01 17:49:01 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/08/01 17:48:58 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/08/01 17:48:58 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/08/01 17:48:56 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/08/01 17:48:56 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/08/01 17:48:53 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/08/01 17:48:50 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/08/01 17:48:46 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/08/01 17:48:40 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/08/01 17:48:40 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/08/01 17:48:37 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/08/01 17:48:35 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/08/01 17:48:33 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/08/01 17:48:32 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/08/01 17:48:30 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/08/01 17:48:30 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/08/01 17:48:29 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/08/01 17:48:27 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/08/01 17:48:26 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/08/01 17:48:25 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/08/01 17:48:24 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/08/01 17:48:23 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/08/01 17:48:15 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/08/01 17:48:14 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/08/01 17:48:14 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/08/01 17:48:12 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/08/01 17:48:11 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/08/01 17:48:10 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/08/01 17:48:08 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/08/01 17:48:07 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/08/01 17:48:05 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/08/01 17:48:00 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/08/01 17:43:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/08/01 17:42:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/08/01 17:41:10 | 00,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Betfair Poker.lnk
[2009/08/01 17:41:04 | 00,000,000 | ---D | C] -- C:\Program Files\Betfair
[2009/07/29 05:37:01 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/07/29 05:37:01 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2009/06/24 17:46:13 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/24 17:46:13 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/02 18:49:33 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/03/02 18:49:33 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2008/02/13 19:24:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\lfcmp13n.dll
[2008/02/07 21:59:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/27 20:37:38 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/25 18:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/05/10 14:19:39 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/11/03 20:07:21 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2006/11/03 20:07:21 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2006/11/03 20:07:21 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2006/11/03 20:07:21 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2006/11/03 20:07:21 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2005/10/07 16:45:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/07 16:40:47 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/07 15:51:58 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2005/10/07 15:48:44 | 00,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 08:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:00:37 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/08/27 22:27:58 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\john\Desktop\RootRepeal.zip
[2009/08/27 22:26:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe
[2009/08/27 22:23:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/27 22:23:42 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/27 22:23:42 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/27 22:23:42 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/27 22:23:42 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/27 22:15:02 | 00,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\msicuu2.exe
[2009/08/27 22:04:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/27 22:04:01 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/27 22:03:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 22:03:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 22:03:32 | 21,468,93824 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/27 21:22:40 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre-6u16-windows-i586.exe
[2009/08/27 21:22:40 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\john\Desktop\jre-6u16-windows-i586.exe
[2009/08/27 21:06:34 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/27 21:06:02 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/08/27 17:34:30 | 40,201,187 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/27 17:34:30 | 00,069,073 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/27 14:24:07 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/26 13:32:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 23:56:38 | 04,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\john\Desktop\everesthome220.exe
[2009/08/24 22:46:08 | 04,675,584 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\john\Desktop\R99254.EXE
[2009/08/24 22:25:13 | 00,088,304 | ---- | M] () -- C:\Documents and Settings\john\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 10:22:34 | 00,474,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/23 10:22:34 | 00,085,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/23 10:22:31 | 00,569,646 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/22 12:20:15 | 00,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/22 10:18:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/21 23:35:31 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\john\Desktop\JOHN FRIEL ADDRESS.doc
[2009/08/21 14:58:14 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/21 13:58:04 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/21 13:53:50 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/08/21 09:55:00 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/21 00:02:37 | 33,180,5736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2009/08/20 15:39:14 | 01,257,417 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe.part
[2009/08/20 15:02:14 | 21,453,86496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/08/20 14:58:08 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/20 14:58:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/20 12:49:03 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/20 12:49:03 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/20 12:49:03 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/20 12:48:58 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/20 11:36:40 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/20 11:25:25 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/20 11:25:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/20 00:35:44 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/20 00:29:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/20 00:29:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/20 00:29:30 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/20 00:28:11 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/08/20 00:28:11 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/08/20 00:26:25 | 00,023,412 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/20 00:25:42 | 00,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/08/20 00:17:26 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/08/19 11:13:08 | 00,600,136 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/08/18 18:31:52 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/18 17:51:16 | 00,002,206 | ---- | M] () -- C:\wpa.dbl
[2009/08/13 13:10:23 | 02,247,086 | ---- | M] () -- C:\Documents and Settings\john\Desktop\P7030026.jpg
[2009/08/12 17:16:41 | 00,048,051 | ---- | M] () -- C:\Documents and Settings\john\Desktop\cgaels-english-crest.gif
[2009/08/12 17:16:32 | 00,048,198 | ---- | M] () -- C:\Documents and Settings\john\Desktop\stmarys-crest-bearla.gif
[2009/08/12 00:17:29 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\john\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 02:29:32 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paddy Power Poker.lnk
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/01 17:50:11 | 00,000,040 | ---- | M] () -- C:\WINDOWS\ujf635.bin
[2009/08/01 17:41:10 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Betfair Poker.lnk
[2009/07/30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/29 05:37:01 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2009/07/29 05:37:01 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/07/29 05:37:01 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2009/07/29 05:37:01 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
< End of report >



Extra.txt

OTL Extras logfile created on: 27/08/2009 22:28:32 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\john\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.10% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.84% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.78 Gb Total Space | 4.23 Gb Free Space | 8.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MALS-LAPTOP
Current User Name: john
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\LimeWire\LimeWire.exe" = C:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Documents and Settings\mal\Local Settings\Temp\CRY343D.tmp\install.exe" = C:\Documents and Settings\mal\Local Settings\Temp\CRY343D.tmp\install.exe:*:Enabled:setup wizard -- File not found
"C:\Program Files\Betfair Poker\UA.exe" = C:\Program Files\Betfair Poker\UA.exe:*:Enabled:UA Application -- File not found
"C:\Program Files\Betsafe Poker\UA.exe" = C:\Program Files\Betsafe Poker\UA.exe:*:Enabled:UA Application -- File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- File not found
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- File not found
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\mal\Desktop\utorrent.exe" = C:\Documents and Settings\mal\Desktop\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0E94871C-623C-464F-A117-B8474BFF84E1}" = Nokia MTP driver
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}" = Nokia Software Updater
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18B5996A-643E-4176-9BEB-27C45C9F1FC3}" = Nokia Map Loader
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3618C740-C65F-4134-95B4-C42F857EA62D}" = Samsung PC Studio
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4613D63D-52C3-4BC5-BB65-622A801997E2}" = Plan3D
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5783F2D7-0204-0409-0002-0060B0CE6BBA}" = Autodesk Architectural Desktop 2004
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5CCABD37-479D-4304-B1A5-67952C25F8F2}" = Nokia Software Launcher
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1A2073C-33FC-4890-86E2-FE7D2B8AFE0F}" = Betfair Poker
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Audi R8 Screensaver" = Audi R8 Screensaver
"Autodesk Express Viewer" = Autodesk Express Viewer
"AVG8Uninstall" = AVG Free 8.5
"AVIcodec" = AVIcodec (remove only)
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CdaC13Ba" = SafeCast Shared Components
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EasyChat_is1" = EasyChat (beta) 0.2.8
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Internet Explorer Secure Plug-in" = Internet Explorer Secure Plug-in
"Lexmark Z600 Series" = Lexmark Z600 Series
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Paddy Power Poker" = Paddy Power Poker
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Security Messenger" = Security Messenger
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/08/2009 20:01:24 | Computer Name = MALS-LAPTOP | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 26/08/2009 20:01:24 | Computer Name = MALS-LAPTOP | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 27/08/2009 11:13:18 | Computer Name = MALS-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/08/2009 11:13:26 | Computer Name = MALS-LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 27/08/2009 16:46:59 | Computer Name = MALS-LAPTOP | Source = MsiInstaller | ID = 11714
Description = Product: Java™ 6 Update 16 -- Error 1714.The older version of Java™
6 Update 16 cannot be removed. Contact your technical support group. System Error
1624.

Error - 27/08/2009 16:48:19 | Computer Name = MALS-LAPTOP | Source = MsiInstaller | ID = 11714
Description = Product: Java™ 6 Update 16 -- Error 1714.The older version of Java™
6 Update 16 cannot be removed. Contact your technical support group. System Error
1624.

Error - 27/08/2009 17:00:13 | Computer Name = MALS-LAPTOP | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Documents and Settings\john\Application Data\Sun\Java\jre1.6.0_16\jre1.6.0_16.msi
is not permitted due to an error in software restriction policy processing. The
object cannot be trusted.

Error - 27/08/2009 17:15:24 | Computer Name = MALS-LAPTOP | Source = MsiInstaller | ID = 11714
Description = Product: Java™ 6 Update 16 -- Error 1714.The older version of Java™
6 Update 16 cannot be removed. Contact your technical support group. System Error
1624.

Error - 27/08/2009 17:16:24 | Computer Name = MALS-LAPTOP | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 3088 ,Logged: Success: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {26A24AE4-039D-4CA4-87B4-2F83216011FF}

Error - 27/08/2009 17:22:00 | Computer Name = MALS-LAPTOP | Source = MsiInstaller | ID = 10005
Description = Product: Java™ 6 Update 16 -- Error 25099. Unzipping core files
failed.

[ System Events ]
Error - 24/08/2009 18:10:53 | Computer Name = MALS-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 24/08/2009 18:15:49 | Computer Name = MALS-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 24/08/2009 18:15:57 | Computer Name = MALS-LAPTOP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 25/08/2009 05:47:02 | Computer Name = MALS-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 25/08/2009 05:47:06 | Computer Name = MALS-LAPTOP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 26/08/2009 05:43:10 | Computer Name = MALS-LAPTOP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 26/08/2009 05:43:15 | Computer Name = MALS-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 26/08/2009 06:25:32 | Computer Name = MALS-LAPTOP | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.

Error - 26/08/2009 06:35:08 | Computer Name = MALS-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 26/08/2009 06:35:21 | Computer Name = MALS-LAPTOP | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .


< End of report >



RootRepeal.txt

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/27 22:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB700B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA61E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9475000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\mal\local settings\temp\~df8cfe.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\mal\local settings\temp\etilqs_rghknxvwf8dai2cqdhib
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\mal\local settings\temp\etilqs_ishizvcbudtvtng9gapq
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\john\Local Settings\Apps\2.0\6YOPCOQG.DH1\XW8QXJQK.DJX\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

==EOF==

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:47 PM

Posted 27 August 2009 - 05:48 PM

It is just some leftovers of symantec then, you can run their cleanup tool to get rid of these leftovers.

To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.


Next

Right click here and select Save Link As (in IE it's "Save Target As").
Save it as DelDomains.inf and in "Save as type" select all files then save it to to your desktop.
Locate DelDomains.inf right-click and select: Install
Note: you will not see any on-screen action ...
This will remove all entries in the Trusted, Restricted,and Enhanced Security Configuration Zones.
Note once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc) will need to be reapplyed.

Next

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [NPSStartup] File not found
    O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\john\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then please post back here with the following:
  • OTL results
  • New OTL log
  • Kaspersky results
Thanks

unite.jpg


#7 jfriel

jfriel
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 28 August 2009 - 03:33 AM

OTL results

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Guest
File delete failed. C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\KKA8Z6JI\addyn%7C3[1].0%7C500%7C1396236%7C0%7C1%7CADTECH;cfp=1;rndc=120887083;cookie=info;loc=100;target=_blank;key=key=key1+key2+key3+key4+;grp=5554232;misc=1208870840187 scheduled to be deleted on reboot.
->Temp folder emptied: 966 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 4047944 bytes
->FireFox cache emptied: 1541798 bytes

User: john
->Temp folder emptied: 16844337 bytes
->Temporary Internet Files folder emptied: 1177182 bytes
->Java cache emptied: 26615007 bytes
->FireFox cache emptied: 48571749 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3025552 bytes

User: mal

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\55A6283C638A4EE0B49151118554BDA2.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 220538 bytes
%systemroot%\System32 .tmp files removed: 3613713 bytes
Windows Temp folder emptied: 562432 bytes
RecycleBin emptied: 182 bytes

Total Files Cleaned = 101.36 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08282009_002207

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Guest\Local Settings\Temp\Temporary Internet Files\Content.IE5\KKA8Z6JI\addyn%7C3[1].0%7C500%7C1396236%7C0%7C1%7CADTECH;cfp=1;rndc=120887083;cookie=info;loc=100;target=_blank;key=key=key1+key2+key3+key4+;grp=5554232;misc=1208870840187 not found!

Registry entries deleted on Reboot...


New OTL log

OTL logfile created on: 28/08/2009 00:30:18 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\john\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.70% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.97% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.78 Gb Total Space | 4.36 Gb Free Space | 8.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MALS-LAPTOP
Current User Name: john
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2003/02/25 06:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2003/02/25 06:50:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/20 12:48:53 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/10/09 17:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/11/30 01:35:45 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
PRC - [2008/12/13 18:15:26 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe
PRC - [2009/08/27 22:23:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/06/21 00:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/08/20 12:48:51 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/20 12:49:03 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/20 12:48:55 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2004/09/07 16:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
PRC - [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/08/20 12:49:03 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/09/07 16:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/05/12 21:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2004/10/30 14:59:54 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2004/08/19 14:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/01/27 18:16:58 | 00,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2007/10/09 17:21:06 | 00,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2004/09/03 09:58:48 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
PRC - [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/09/15 01:01:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2009/08/20 12:48:59 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2009/08/27 22:23:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/08 21:48:38 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/27 22:26:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/08/20 12:48:51 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/20 12:48:53 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2007/10/09 17:21:02 | 00,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/11/30 01:35:45 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/13 18:15:26 | 00,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe -- (FsUsbExService [Auto | Running])
SRV - [2009/07/07 20:45:12 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ff3b80ed74ee [Auto | Stopped])
SRV - [2009/08/21 11:22:21 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/27 22:23:43 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/02/25 06:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])
SRV - [2005/06/21 00:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2008/08/07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/02/04 14:20:50 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2004/08/04 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/14 00:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2004/11/16 16:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2004/06/30 09:39:36 | 00,016,128 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys -- (Appdrv [On_Demand | Running])
DRV - [2004/08/04 13:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005/05/13 02:46:20 | 01,132,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/08/20 12:49:03 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/20 12:49:03 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/20 12:48:58 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2004/05/26 20:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2005/11/30 01:35:47 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS -- (CdaC15BA [Auto | Running])
DRV - [2004/08/04 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/06/17 20:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2004/06/17 20:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/08/12 08:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iwca.sys -- (IWCA [On_Demand | Running])
DRV - [2004/03/17 18:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/04 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/05/07 07:38:20 | 00,017,536 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008/05/07 07:38:20 | 00,020,864 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/02/13 16:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2007/09/17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/01/09 12:18:08 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2004/08/31 08:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/14 00:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/08/18 18:31:52 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Stopped])
DRV - [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2008/02/22 16:33:00 | 00,087,936 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2008/02/22 16:33:02 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2008/02/22 16:33:02 | 00,114,304 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2005/03/10 16:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2004/08/04 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2004/08/04 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2004/08/04 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/06/06 09:24:44 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008/02/18 11:16:24 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/14 00:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008/05/07 07:38:36 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2004/10/21 20:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2004/06/17 20:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2008/12/13 18:15:26 | 00,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.SYS -- (FsUsbExDisk [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1



IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\S-1-5-21-1705597141-3943613990-1634738062-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.014.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/20 13:13:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/20 13:13:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/27 22:23:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/11 15:32:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/21 17:07:36 | 00,000,000 | ---D | M]

[2009/07/09 02:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Extensions
[2009/06/23 22:09:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/09 02:31:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/08/27 22:34:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Firefox\Profiles\cpzdm4p0.default\extensions
[2009/08/07 10:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Firefox\Profiles\cpzdm4p0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2009/08/07 10:49:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Firefox\Profiles\cpzdm4p0.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}(2)
[2006/01/28 18:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\john\Application Data\mozilla\Firefox\Profiles\cpzdm4p0.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/08/27 22:34:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/17 00:25:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/08 21:49:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/02 20:11:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/02/05 14:22:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/27 22:24:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/08 21:48:28 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/08 21:48:29 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/08/27 22:23:44 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 23:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/08 21:48:45 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/23 12:54:22 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/07 13:48:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/07 13:48:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/23 12:54:46 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/06/23 12:54:11 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/08 21:48:49 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/08 21:48:49 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/20 13:19:03 | 00,001,489 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/08/08 21:48:49 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/08 21:48:49 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/08 21:48:49 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/08 21:48:49 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/08 21:48:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/08 21:48:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (292138 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10060 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe File not found
O4 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1705597141-3943613990-1634738062-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://ebanking.northernbank.co.uk/html/ac...B/e-Safekey.cab (e-Safekey)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/en/10/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...200/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/28 00:22:07 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/28 00:20:42 | 00,001,432 | ---- | C] () -- C:\Documents and Settings\john\Desktop\DelDomains.inf
[2009/08/28 00:19:56 | 00,000,775 | ---- | C] () -- C:\Documents and Settings\john\Desktop\inffix_xp.zip
[2009/08/27 23:56:55 | 02,908,976 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\john\Desktop\Norton_Removal_Tool.exe
[2009/08/27 22:34:45 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\john\Desktop\settings.dat
[2009/08/27 22:33:59 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\john\Desktop\RootRepeal.exe
[2009/08/27 22:27:47 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\john\Desktop\RootRepeal.zip
[2009/08/27 22:25:52 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe
[2009/08/27 22:24:04 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/27 22:24:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/27 22:24:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/27 22:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/27 22:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/08/27 22:15:15 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/08/27 22:15:00 | 00,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\msicuu2.exe
[2009/08/27 22:03:32 | 21,468,93824 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/27 22:01:11 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\jre-6u16-windows-i586.exe
[2009/08/27 21:17:50 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\john\Desktop\jre-6u16-windows-i586.exe
[2009/08/27 21:03:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Local Settings\Application Data\Temp
[2009/08/24 23:55:07 | 04,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\john\Desktop\everesthome220.exe
[2009/08/24 22:39:27 | 04,675,584 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\john\Desktop\R99254.EXE
[2009/08/24 22:25:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Local Settings\Application Data\Deployment
[2009/08/21 23:35:31 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\john\Desktop\JOHN FRIEL ADDRESS.doc
[2009/08/21 13:58:04 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/21 13:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2009/08/21 13:53:50 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/08/21 13:53:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/08/21 09:52:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/21 01:20:31 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/08/21 01:20:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/08/21 01:20:29 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2009/08/21 01:18:51 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/08/21 01:01:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/08/20 17:01:00 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/08/20 17:01:00 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2009/08/20 17:01:00 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2009/08/20 17:01:00 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll
[2009/08/20 17:01:00 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2009/08/20 17:01:00 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2009/08/20 17:01:00 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll
[2009/08/20 15:38:47 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2009/08/20 14:59:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Desktop\MALWARE FIX
[2009/08/20 14:32:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Desktop\Sharking
[2009/08/20 13:43:45 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/08/20 13:43:00 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2009/08/20 13:42:59 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2009/08/20 13:42:09 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2009/08/20 13:42:05 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/08/20 13:39:46 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/08/20 13:39:45 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/08/20 13:39:45 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/08/20 13:39:45 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/08/20 13:39:45 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/08/20 13:39:44 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/08/20 13:39:44 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/08/20 13:39:44 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/08/20 13:39:43 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/08/20 13:39:42 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/08/20 13:39:40 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/08/20 13:35:28 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/08/20 13:35:09 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/08/20 13:24:57 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/08/20 13:24:44 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/08/20 13:23:52 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/08/20 13:22:37 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/20 13:22:06 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/08/20 13:20:32 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/08/20 13:20:22 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/20 13:20:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/08/20 13:20:11 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/08/20 13:20:11 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/08/20 13:20:11 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/08/20 13:20:10 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/08/20 13:20:09 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/08/20 11:25:25 | 40,201,187 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/20 11:25:25 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/20 11:25:25 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/20 11:25:25 | 00,069,073 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/20 11:25:25 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/20 11:25:25 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/20 11:25:23 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/20 11:25:23 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/20 11:25:22 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/20 11:25:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/20 11:25:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Application Data\AVGTOOLBAR
[2009/08/20 11:24:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/20 00:59:01 | 21,453,86496 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2009/08/20 00:33:46 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/08/20 00:33:46 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/08/20 00:33:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/08/20 00:33:44 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/08/20 00:33:44 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/08/20 00:33:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/08/20 00:33:44 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/08/20 00:33:38 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/08/20 00:33:36 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/08/20 00:33:35 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/08/20 00:33:35 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/08/20 00:33:35 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/08/20 00:33:34 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/08/20 00:33:34 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/08/20 00:33:34 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/08/20 00:33:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/08/20 00:33:29 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/08/20 00:33:27 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/08/20 00:33:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/08/20 00:33:25 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/08/20 00:33:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/08/20 00:33:25 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/08/20 00:33:24 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/08/20 00:33:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/08/20 00:33:23 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/08/20 00:33:23 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/08/20 00:33:23 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/08/20 00:33:23 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/08/20 00:33:23 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/08/20 00:33:23 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/08/20 00:33:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/08/20 00:33:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/08/20 00:33:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/08/20 00:33:23 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/08/20 00:33:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/08/20 00:33:22 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/08/20 00:33:22 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/08/20 00:33:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/08/20 00:33:15 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/08/20 00:33:13 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/08/20 00:33:13 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/08/20 00:33:11 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/08/20 00:33:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/08/20 00:33:09 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/08/20 00:33:09 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/08/20 00:33:05 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/08/20 00:33:05 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/08/20 00:33:04 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/08/20 00:33:04 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/08/20 00:33:04 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/08/20 00:33:04 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/08/20 00:33:03 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/08/20 00:33:02 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/08/20 00:32:55 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/08/20 00:32:53 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/08/20 00:32:32 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/08/20 00:32:32 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/08/20 00:32:32 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/08/20 00:32:30 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/08/20 00:32:28 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/08/20 00:32:22 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/08/20 00:32:22 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/08/20 00:32:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/08/20 00:32:19 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/08/20 00:32:17 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/08/20 00:32:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/08/20 00:32:15 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/08/20 00:32:14 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/08/20 00:32:14 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/08/20 00:32:02 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/08/20 00:31:53 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/08/20 00:31:52 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/08/20 00:31:51 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/08/20 00:31:50 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/08/20 00:31:49 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/08/20 00:31:49 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/08/20 00:31:49 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/08/20 00:31:34 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/08/20 00:31:34 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/08/20 00:31:34 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/08/20 00:31:34 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/08/20 00:31:31 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/08/20 00:31:31 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/08/20 00:31:31 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/08/20 00:31:30 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/08/20 00:31:30 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/08/20 00:31:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/08/20 00:31:29 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/08/20 00:31:29 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/08/20 00:31:29 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/08/20 00:31:28 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/08/20 00:31:28 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/08/20 00:31:26 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/08/20 00:31:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/08/20 00:31:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/08/20 00:31:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/08/20 00:31:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/08/20 00:31:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/08/20 00:31:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/08/20 00:31:23 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/08/20 00:31:23 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/08/20 00:31:23 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/08/20 00:31:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/08/20 00:31:22 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/08/20 00:31:22 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/08/20 00:31:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/08/20 00:31:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/08/20 00:31:19 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/08/20 00:31:17 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/08/20 00:31:15 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/08/20 00:31:15 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/08/20 00:31:14 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/08/20 00:31:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/08/20 00:31:10 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/08/20 00:31:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/08/20 00:31:03 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/08/20 00:30:51 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/08/20 00:30:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/08/20 00:30:51 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/08/20 00:30:50 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/08/20 00:30:50 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/08/20 00:30:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/08/20 00:30:46 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/08/20 00:28:11 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/20 00:13:21 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/08/20 00:13:21 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/08/20 00:13:21 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/08/20 00:13:21 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/08/20 00:13:04 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/08/20 00:13:04 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/08/20 00:13:04 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/08/20 00:13:04 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/08/20 00:13:04 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/08/20 00:13:03 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/08/20 00:13:03 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/08/19 11:13:07 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2009/08/19 11:13:07 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2009/08/19 11:13:06 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/08/19 11:13:06 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2009/08/19 11:13:04 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/08/19 11:13:04 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2009/08/19 11:12:56 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2009/08/19 11:12:56 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2009/08/19 11:12:47 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009/08/19 11:12:47 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2009/08/19 11:12:42 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2009/08/19 11:12:42 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2009/08/19 11:12:36 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/08/19 11:12:36 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2009/08/18 20:47:24 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/08/18 20:47:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/08/18 20:44:58 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/08/18 20:44:26 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/08/18 20:44:26 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/08/18 20:44:26 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/08/18 20:44:25 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/08/18 20:44:25 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/08/18 20:01:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/08/18 20:01:15 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/08/18 19:13:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/18 19:13:40 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/08/18 19:13:35 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/08/18 18:31:51 | 00,721,904 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/18 18:31:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\john\Application Data\DAEMON Tools Lite
[2009/08/18 17:57:53 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\wpabaln.exe
[2009/08/18 17:57:53 | 00,002,206 | ---- | C] () -- C:\wpa.dbl
[2009/08/16 00:35:39 | 00,000,000 | ---D | C] -- C:\b457639b1513fb1dd096809380
[2009/08/16 00:28:52 | 00,000,000 | ---D | C] -- C:\d71a8b3eefcd80401541f22a68127291
[2009/08/16 00:28:42 | 00,000,000 | ---D | C] -- C:\cf686f7e82859fb5860ae4bded1eca8b
[2009/08/16 00:25:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/16 00:20:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/13 13:09:47 | 02,247,086 | ---- | C] () -- C:\Documents and Settings\john\Desktop\P7030026.jpg
[2009/08/12 17:16:40 | 00,048,051 | ---- | C] () -- C:\Documents and Settings\john\Desktop\cgaels-english-crest.gif
[2009/08/12 17:16:31 | 00,048,198 | ---- | C] () -- C:\Documents and Settings\john\Desktop\stmarys-crest-bearla.gif
[2009/08/11 15:00:18 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/10 14:56:12 | 00,000,000 | ---D | C] -- C:\pra
[2009/08/09 02:29:17 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paddy Power Poker.lnk
[2009/08/06 16:43:02 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/01 17:50:11 | 00,000,040 | ---- | C] () -- C:\WINDOWS\ujf635.bin
[2009/08/01 17:49:54 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/08/01 17:49:54 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/08/01 17:49:52 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/08/01 17:49:49 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/08/01 17:49:49 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/08/01 17:49:48 | 00,235,352 | ---- | C] () -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/08/01 17:49:47 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/08/01 17:49:44 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009/08/01 17:49:44 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009/08/01 17:49:42 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009/08/01 17:49:40 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009/08/01 17:49:39 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009/08/01 17:49:38 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009/08/01 17:49:36 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009/08/01 17:49:35 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009/08/01 17:49:35 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009/08/01 17:49:34 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009/08/01 17:49:32 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009/08/01 17:49:32 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009/08/01 17:49:31 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009/08/01 17:49:28 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/08/01 17:49:28 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/08/01 17:49:27 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/08/01 17:49:25 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/08/01 17:49:24 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/08/01 17:49:24 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/08/01 17:49:22 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/08/01 17:49:20 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/08/01 17:49:17 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/08/01 17:49:16 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/08/01 17:49:14 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/08/01 17:49:14 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/08/01 17:49:13 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/08/01 17:49:11 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/08/01 17:49:08 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/08/01 17:49:08 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/08/01 17:49:07 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/08/01 17:49:05 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/08/01 17:49:03 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/08/01 17:49:03 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/08/01 17:49:01 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/08/01 17:48:58 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/08/01 17:48:58 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/08/01 17:48:56 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/08/01 17:48:56 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/08/01 17:48:53 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/08/01 17:48:50 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/08/01 17:48:46 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/08/01 17:48:40 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/08/01 17:48:40 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/08/01 17:48:37 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/08/01 17:48:35 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/08/01 17:48:33 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/08/01 17:48:32 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/08/01 17:48:30 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/08/01 17:48:30 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/08/01 17:48:29 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/08/01 17:48:27 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/08/01 17:48:26 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/08/01 17:48:25 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/08/01 17:48:24 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/08/01 17:48:23 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/08/01 17:48:15 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/08/01 17:48:14 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/08/01 17:48:14 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/08/01 17:48:12 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/08/01 17:48:11 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/08/01 17:48:10 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/08/01 17:48:08 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/08/01 17:48:07 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/08/01 17:48:05 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/08/01 17:48:00 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/08/01 17:42:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/08/01 17:41:10 | 00,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Betfair Poker.lnk
[2009/08/01 17:41:04 | 00,000,000 | ---D | C] -- C:\Program Files\Betfair
[2009/07/29 05:37:01 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/07/29 05:37:01 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2009/06/24 17:46:13 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/24 17:46:13 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/02 18:49:33 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/03/02 18:49:33 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2008/02/13 19:24:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\lfcmp13n.dll
[2008/02/07 21:59:17 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/27 20:37:38 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/25 18:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/05/10 14:19:39 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/11/03 20:07:21 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2006/11/03 20:07:21 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2006/11/03 20:07:21 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2006/11/03 20:07:21 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2006/11/03 20:07:21 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2005/10/07 16:45:23 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/07 16:40:47 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/07 15:51:58 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\Stac97co.dll
[2005/10/07 15:48:44 | 00,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 08:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 17:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:00:37 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 17:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999/01/22 19:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/28 00:24:36 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/28 00:24:19 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/28 00:23:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/28 00:23:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/28 00:23:46 | 21,468,93824 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/28 00:20:42 | 00,001,432 | ---- | M] () -- C:\Documents and Settings\john\Desktop\DelDomains.inf
[2009/08/28 00:19:56 | 00,000,775 | ---- | M] () -- C:\Documents and Settings\john\Desktop\inffix_xp.zip
[2009/08/27 23:57:56 | 02,908,976 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\john\Desktop\Norton_Removal_Tool.exe
[2009/08/27 23:03:00 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/27 22:35:05 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\john\Desktop\settings.dat
[2009/08/27 22:27:58 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\john\Desktop\RootRepeal.zip
[2009/08/27 22:26:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\john\Desktop\OTL.exe
[2009/08/27 22:23:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/27 22:23:42 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/27 22:23:42 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/27 22:23:42 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/27 22:23:42 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/27 22:15:02 | 00,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\msicuu2.exe
[2009/08/27 21:22:40 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\jre-6u16-windows-i586.exe
[2009/08/27 21:22:40 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\john\Desktop\jre-6u16-windows-i586.exe
[2009/08/27 21:06:02 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/08/27 17:34:30 | 40,201,187 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/27 17:34:30 | 00,069,073 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/27 14:24:07 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/26 13:32:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/24 23:56:38 | 04,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\john\Desktop\everesthome220.exe
[2009/08/24 22:46:08 | 04,675,584 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\john\Desktop\R99254.EXE
[2009/08/24 22:25:13 | 00,088,304 | ---- | M] () -- C:\Documents and Settings\john\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 10:22:34 | 00,474,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/23 10:22:34 | 00,085,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/23 10:22:31 | 00,569,646 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/22 12:20:15 | 00,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/22 10:18:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/21 23:35:31 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\john\Desktop\JOHN FRIEL ADDRESS.doc
[2009/08/21 14:58:14 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/21 13:58:04 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/21 13:53:50 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/08/21 09:55:00 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/21 00:02:37 | 33,180,5736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\john\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2009/08/20 15:02:14 | 21,453,86496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/08/20 14:58:08 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/20 14:58:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/20 12:49:03 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/20 12:49:03 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/20 12:49:03 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/20 12:48:58 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/20 11:36:40 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/20 11:25:25 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/20 11:25:23 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/20 00:35:44 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/20 00:29:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/20 00:29:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/20 00:29:30 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/20 00:28:11 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/08/20 00:28:11 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/20 00:28:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/08/20 00:26:25 | 00,023,412 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/20 00:25:42 | 00,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/08/20 00:17:26 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/08/19 11:13:08 | 00,600,136 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/08/18 18:31:52 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/18 17:51:16 | 00,002,206 | ---- | M] () -- C:\wpa.dbl
[2009/08/13 13:10:23 | 02,247,086 | ---- | M] () -- C:\Documents and Settings\john\Desktop\P7030026.jpg
[2009/08/13 11:14:00 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\john\Desktop\RootRepeal.exe
[2009/08/12 17:16:41 | 00,048,051 | ---- | M] () -- C:\Documents and Settings\john\Desktop\cgaels-english-crest.gif
[2009/08/12 17:16:32 | 00,048,198 | ---- | M] () -- C:\Documents and Settings\john\Desktop\stmarys-crest-bearla.gif
[2009/08/12 00:17:29 | 00,005,632 | ---- | M] () -- C:\Documents and Settings\john\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/09 02:29:32 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paddy Power Poker.lnk
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/01 17:50:11 | 00,000,040 | ---- | M] () -- C:\WINDOWS\ujf635.bin
[2009/08/01 17:41:10 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Betfair Poker.lnk
[2009/07/30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/29 05:37:01 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2009/07/29 05:37:01 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/07/29 05:37:01 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2009/07/29 05:37:01 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
< End of report >


Kaspersky results

Friday, August 28, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 28, 2009 01:53:43
Records in database: 2693984
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Objects scanned 83549
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 02:19:32

No threats found. Scanned area is clean.
Selected area has been scanned.

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:47 PM

Posted 28 August 2009 - 01:29 PM

Hi jfriel,

How is your computer running now, any problems?

Update Adobe reader
  • Click Start > Control Panel > Add/Remove Programs
  • Remove any older versions of Adobe Reader.
  • Click here to download the latest version of Adobe Acrobat Reader.
  • Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • Close your Internet browser and open it again.
Then please post back with a new DDS log.

Thanks
Syler

unite.jpg


#9 jfriel

jfriel
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 29 August 2009 - 07:31 AM

Laptop seems to be running pretty well now - the only thing wrong that is probably unrelated to malware issues is the sound card is not being picked up - device not found is displayed for some reason - if you have any suggestions on how to pick it up again that would be great. Tried installing the driver again but hasnt worked.

DDS LOG


DDS (Ver_09-07-30.01) - NTFSx86
Run by john at 13:19:57.10 on 29/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1368 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\john\Desktop\MALWARE FIX\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {5776A2BC-D803-47F6-9DC0-8344DB8D604C} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [DVDTray] c:\program files\ahead\odd toolkit\DVDTray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /Get1noarp
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/en/10/install/gtdownde.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5200/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\cpzdm4p0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\john\application data\mozilla\firefox\profiles\cpzdm4p0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-20 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-20 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-20 297752]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-3-2 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-3-2 36608]
S2 gupdate1c9ff3b80ed74ee;Google Update Service (gupdate1c9ff3b80ed74ee);c:\program files\google\update\GoogleUpdate.exe [2009-7-7 133104]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2009-08-28 00:22 <DIR> --d----- C:\_OTL
2009-08-27 22:15 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-08-27 22:15 <DIR> --d----- c:\program files\MSECACHE
2009-08-27 22:01 16,664,352 a------- C:\jre-6u16-windows-i586.exe
2009-08-21 01:20 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-08-21 01:20 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-08-21 01:20 102,912 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-08-21 01:18 81,920 -------- c:\windows\system32\ieencode.dll
2009-08-21 00:16 <DIR> --dsh--- c:\documents and settings\john\PrivacIE
2009-08-20 17:01 730,112 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-08-20 17:01 301,568 -c------ c:\windows\system32\dllcache\kerberos.dll
2009-08-20 17:01 147,456 -c------ c:\windows\system32\dllcache\schannel.dll
2009-08-20 17:01 136,192 -c------ c:\windows\system32\dllcache\msv1_0.dll
2009-08-20 17:01 92,928 -c------ c:\windows\system32\dllcache\ksecdd.sys
2009-08-20 17:01 56,832 -c------ c:\windows\system32\dllcache\secur32.dll
2009-08-20 17:01 54,272 -c------ c:\windows\system32\dllcache\wdigest.dll
2009-08-20 13:43 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-08-20 13:43 80,896 -c------ c:\windows\system32\dllcache\tlntsess.exe
2009-08-20 13:42 76,288 -c------ c:\windows\system32\dllcache\telnet.exe
2009-08-20 13:42 132,096 -c------ c:\windows\system32\dllcache\wkssvc.dll
2009-08-20 13:42 84,992 -c------ c:\windows\system32\dllcache\avifil32.dll
2009-08-20 13:39 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-08-20 13:39 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-08-20 13:39 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-08-20 13:39 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-08-20 13:39 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-08-20 13:39 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-08-20 13:39 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-08-20 13:39 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-20 13:39 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-20 13:39 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-20 13:39 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-20 13:35 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-08-20 13:35 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-08-20 13:24 <DIR> --d----- c:\program files\CleanUp!
2009-08-20 13:24 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-08-20 13:23 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-08-20 13:22 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-08-20 13:22 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-08-20 13:20 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-08-20 13:20 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-20 13:20 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-20 13:20 1,985,536 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-08-20 13:20 594,432 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-08-20 13:20 55,296 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-20 13:20 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-20 13:20 11,067,392 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-08-20 11:25 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-08-20 11:25 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-20 11:25 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 11:25 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-08-20 11:25 <DIR> --d----- c:\docume~1\john\applic~1\AVGTOOLBAR
2009-08-20 11:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-20 00:59 2,145,386,496 a------- c:\windows\MEMORY.DMP
2009-08-20 00:32 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-08-20 00:31 7,680 ac------ c:\windows\system32\dllcache\ftpctrs2.dll
2009-08-20 00:30 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-08-20 00:30 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-08-20 00:30 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-08-20 00:30 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-08-20 00:30 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-08-20 00:30 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-08-20 00:30 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-08-20 00:28 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-08-20 00:28 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-08-20 00:28 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-08-20 00:28 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-08-20 00:28 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-08-20 00:28 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-08-20 00:13 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-08-20 00:13 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-08-20 00:13 24,661 a------- c:\windows\system32\spxcoins.dll
2009-08-20 00:13 13,312 a------- c:\windows\system32\irclass.dll
2009-08-20 00:13 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-08-20 00:13 37,484 ac------ c:\windows\system32\dllcache\MW770.CAT
2009-08-20 00:13 13,472 ac------ c:\windows\system32\dllcache\HPCRDP.CAT
2009-08-20 00:13 8,574 ac------ c:\windows\system32\dllcache\IASNT4.CAT
2009-08-20 00:13 7,382 ac------ c:\windows\system32\dllcache\OEMBIOS.CAT
2009-08-20 00:13 1,042,903 ac------ c:\windows\system32\dllcache\SP2.CAT
2009-08-20 00:13 797,189 ac------ c:\windows\system32\dllcache\NT5IIS.CAT
2009-08-19 11:13 202,776 ac------ c:\windows\system32\dllcache\wuweb.dll
2009-08-19 11:13 34,328 ac------ c:\windows\system32\dllcache\wups.dll
2009-08-19 11:13 323,608 ac------ c:\windows\system32\dllcache\wucltui.dll
2009-08-19 11:12 1,809,944 ac------ c:\windows\system32\dllcache\wuaueng.dll
2009-08-19 11:12 213,528 ac------ c:\windows\system32\dllcache\wuaucpl.cpl
2009-08-19 11:12 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-08-19 11:12 51,224 ac------ c:\windows\system32\dllcache\wuauclt.exe
2009-08-19 11:12 561,688 ac------ c:\windows\system32\dllcache\wuapi.dll
2009-08-18 20:47 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-08-18 20:47 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-08-18 20:44 65,832 a------- c:\windows\Santa Fe Stucco.bmp
2009-08-18 20:44 26,680 a------- c:\windows\River Sumida.bmp
2009-08-18 20:44 17,362 a------- c:\windows\Rhododendron.bmp
2009-08-18 20:44 65,954 a------- c:\windows\Prairie Wind.bmp
2009-08-18 20:44 26,582 a------- c:\windows\Greenstone.bmp
2009-08-18 20:01 4,161 a------- c:\windows\ODBCINST.INI
2009-08-18 20:01 <DIR> --d----- c:\program files\common files\ODBC
2009-08-18 20:01 7,334 ac------ c:\windows\system32\dllcache\wmerrenu.cat
2009-08-18 19:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-08-18 19:13 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-08-18 19:13 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-08-18 18:31 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-08-18 18:31 <DIR> --d----- c:\docume~1\john\applic~1\DAEMON Tools Lite
2009-08-18 17:57 32,256 a------- C:\wpabaln.exe
2009-08-18 17:57 2,206 a------- C:\wpa.dbl
2009-08-16 23:37 <DIR> --dsh--- c:\documents and settings\john\IETldCache
2009-08-16 00:35 <DIR> --d----- C:\b457639b1513fb1dd096809380
2009-08-16 00:28 <DIR> --d----- C:\d71a8b3eefcd80401541f22a68127291
2009-08-16 00:28 <DIR> --d----- C:\cf686f7e82859fb5860ae4bded1eca8b
2009-08-16 00:25 <DIR> --d----- c:\windows\ie8updates
2009-08-16 00:20 <DIR> -cd-h--- c:\windows\ie8
2009-08-11 15:00 <DIR> --d----- c:\program files\Trend Micro
2009-08-10 14:56 <DIR> --d----- C:\pra
2009-08-07 10:51 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-01 17:50 40 a------- c:\windows\ujf635.bin
2009-08-01 17:48 266,088 a------- c:\windows\system32\xactengine2_8.dll
2009-08-01 17:42 <DIR> --d----- c:\windows\Logs
2009-08-01 17:41 <DIR> --d----- c:\program files\Betfair

==================== Find3M ====================

2009-08-27 22:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-20 00:26 23,412 a------- c:\windows\system32\emptyregdb.dat
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 05:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 05:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-17 19:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 19:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 19:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 19:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 19:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 19:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 19:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 19:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 19:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 19:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 19:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 19:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 19:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-23 12:54 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-22 12:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 12:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 12:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-12 13:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 15:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 07:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2007-12-02 20:14 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-07-04 15:15 49,498 a------- c:\program files\popcorn Terms.html

============= FINISH: 13:20:51.92 ===============

Attached Files



#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:47 PM

Posted 29 August 2009 - 11:58 AM

Im not sure about your sound card I don't think it's malware related, so you would be best asking in the XP forum about that.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out you restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremley important to keep windows upto date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in windows to exploit your computer. The easiest way to
do this this is by making sure that Automatic Updates is always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the programs virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install a Firewall
I can not stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is
succeptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block
outbound connections. So if Malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls I would recomend, only install one of these.

Zone Alarm
comodo.........Note: Only Install the Firewall as a standalone if you already have an AntiVirus installed on your computer.

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)
Syler

unite.jpg


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:47 PM

Posted 01 September 2009 - 11:56 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users