Desktoplayer.exe Trojan Virus


  • This topic is locked
7 replies to this topic

#1 bgm_co

Posted 09 October 2010 - 02:17 PM

Hey I'm having some trouble with this one...

I have fired the PC back up in safe mode, but as soon as I try to use ComboFix, the CPU goes up to 100% and the computer pretty much freezes.

This site normally has all the info I need, but I am stuck on this one.

Hey, I just managed to do an OTL scan; here are the results. Hope this can help me work towards shifting the problem... run in safe mode

OTL logfile created on: 10/10/2010 13:31:36 - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:Documents and SettingsBERNIEDesktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 465.76 Gb Total Space | 177.76 Gb Free Space | 38.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESIGNWORK
Current User Name: BERNIE
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 360 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:Documents and SettingsBERNIEDesktopOTL.exe (OldTimer Tools)
PRC - C:Program FilesAVGAVG9avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:WINDOWSexplorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:Documents and SettingsBERNIEDesktopOTL.exe (OldTimer Tools)
MOD - C:WINDOWSWinSxSx86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03comctl32.dll (Microsoft Corporation)
MOD - C:WINDOWSsystem32msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- C:Program FilesPC Connectivity SolutionServiceLayer.exe File not found
SRV - (AppMgmt) -- C:WINDOWSSystem32appmgmts.dll File not found
SRV - (Adobe LM Service) -- C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe File not found
SRV - (avg9wd) -- C:Program FilesAVGAVG9avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe (Apple Inc.)
SRV - (nitrodriverreadspool) -- C:Program FilesNitro PDFProfessionalNitroPDFDriverService.exe (Nitro PDF Software)
SRV - (astcc) -- C:WINDOWSsystem32ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (fsssvc) -- C:Program FilesWindows LiveFamily Safetyfsssvc.exe (Microsoft Corporation)
SRV - (seaport) -- C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe (Microsoft Corp.)
SRV - (ZuneNetworkSvc) -- C:Program FilesZuneZuneNss.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (ijst) -- C:WINDOWSSystem32driversoqmsd.sys File not found
DRV - (catchme) -- C:ComboFixcatchme.sys File not found
DRV - (avgtdix) -- C:WINDOWSSystem32Driversavgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:WINDOWSSystem32Driversavgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:WINDOWSSystem32Driversavgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (25a3b05b) -- C:WINDOWSSystem32drivers25a3b05b.sys ()
DRV - (fssfltr) -- C:WINDOWSsystem32driversfssfltr_tdi.sys (Microsoft Corporation)
DRV - (nmwcd) -- C:WINDOWSsystem32driversnmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:WINDOWSsystem32driversnmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:WINDOWSsystem32driversnmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:WINDOWSsystem32driversnmwcdc.sys (Nokia)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:WINDOWSsystem32driversALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:WINDOWSsystem32driversati2mtag.sys (ATI Technologies Inc.)
DRV - (m5288) -- C:WINDOWSsystem32driversm5288.sys (ULi Electronics Inc.)
DRV - (si3112r) -- C:WINDOWSsystem32driverssi3112r.sys (Silicon Image, Inc.)
DRV - (SiWinAcc) -- C:WINDOWSsystem32driversSiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:WINDOWSsystem32DRIVERSSiWinAcc.sys (Silicon Image, Inc.)
DRV - (nvraid) -- C:WINDOWSsystem32driversnvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:WINDOWSsystem32driversnvatabus.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:WINDOWSsystem32driversiaStor.sys (Intel Corporation)
DRV - (AFS2K) -- C:WINDOWSSystem32driversAFS2K.SYS (Oak Technology Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:WINDOWSsystem32driversRTL8139.sys (Realtek Semiconductor Corporation)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:WINDOWSsystem32driverslvcd.sys (Logitech Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = %SystemRoot%system32blank.htm
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLMSOFTWAREMicrosoftInternet ExplorerSearch,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSsystem32blank.htm
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://publicaccess.testvalley.gov.uk/publ...searchform.aspx
IE - HKCU..URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU..URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll ()
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.zurich.co.uk/buildingguarantee/index.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19


FF - HKLMsoftwaremozillaFirefoxExtensions{3f963a5b-e555-4543-90e2-c3908898db71}: C:Program FilesAVGAVG9Firefox [2010/10/02 21:34:43 | 000,000,000 | ---D | M]
FF - HKLMsoftwaremozillaFirefoxExtensionsavg@igeared: C:Program FilesAVGAVG9ToolbarFirefoxavg@igeared [2009/12/16 23:50:19 | 000,000,000 | ---D | M]
FF - HKLMsoftwaremozillaFirefoxExtensions{20a82645-c095-46ed-80e3-08825760534b}: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension [2009/08/08 03:01:02 | 000,000,000 | ---D | M]
FF - HKLMsoftwaremozillaMozilla Firefox 3.0.19extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2010/08/15 10:01:19 | 000,000,000 | ---D | M]
FF - HKLMsoftwaremozillaMozilla Firefox 3.0.19extensionsPlugins: C:Program FilesMozilla Firefoxplugins [2010/10/09 17:57:28 | 000,000,000 | ---D | M]
FF - HKLMsoftwaremozillaMozilla Thunderbird 2.0.0.12extensionsComponents: C:Program FilesMozilla Thunderbirdcomponents [2010/07/28 12:38:59 | 000,000,000 | ---D | M]
FF - HKLMsoftwaremozillaMozilla Thunderbird 2.0.0.12extensionsPlugins: C:Program FilesMozilla Thunderbirdplugins [2010/10/09 17:57:38 | 000,000,000 | ---D | M]

[2008/12/09 11:46:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataMozillaExtensions
[2008/12/09 11:46:28 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsBERNIEApplication DataMozillaExtensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/06 14:45:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataMozillaFirefoxProfilesa8bb4h51.defaultextensions
[2010/07/20 12:10:46 | 000,000,000 | ---D | M] (FlashGot) -- C:Documents and SettingsBERNIEApplication DataMozillaFirefoxProfilesa8bb4h51.defaultextensions{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/29 10:20:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:Documents and SettingsBERNIEApplication DataMozillaFirefoxProfilesa8bb4h51.defaultextensions{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/20 12:10:46 | 000,000,000 | ---D | M] (ReloadEvery) -- C:Documents and SettingsBERNIEApplication DataMozillaFirefoxProfilesa8bb4h51.defaultextensions{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2007/04/21 21:04:14 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsBERNIEApplication DataMozillaFirefoxProfilesa8bb4h51.defaultextensions{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/05/18 12:36:20 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsBERNIEApplication DataMozillaFirefoxProfilesa8bb4h51.defaultextensions{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/10/06 14:45:05 | 000,000,000 | ---D | M] -- C:Program FilesMozilla Firefoxextensions
[2010/04/08 11:26:23 | 000,000,000 | ---D | M] (Default) -- C:Program FilesMozilla Firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/18 10:31:06 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/23 15:33:56 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2010/04/08 11:26:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:Program FilesMozilla Firefoxcomponentsbrowserdirprovider.dll
[2010/04/08 11:26:18 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:Program FilesMozilla Firefoxcomponentsbrwsrcmp.dll
[2009/09/25 17:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:Program FilesMozilla Firefoxpluginsnpdivx32.dll
[2010/04/08 11:26:19 | 000,065,496 | ---- | M] (mozilla.org) -- C:Program FilesMozilla Firefoxpluginsnpnul32.dll
[2007/03/02 13:08:30 | 000,144,872 | ---- | M] (RealNetworks, Inc.) -- C:Program FilesMozilla Firefoxpluginsnppl3260.dll
[2007/03/02 13:08:34 | 000,024,621 | ---- | M] (RealNetworks, Inc.) -- C:Program FilesMozilla Firefoxpluginsnprjplug.dll
[2007/03/02 13:08:28 | 000,081,967 | ---- | M] (RealNetworks, Inc.) -- C:Program FilesMozilla Firefoxpluginsnprpjplug.dll
[2009/09/25 17:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:Program FilesMozilla Firefoxpluginsssldivx.dll
[2008/12/09 11:46:19 | 000,001,538 | ---- | M] () -- C:Program FilesMozilla Firefoxsearchpluginsamazon-en-GB.xml
[2008/12/09 11:46:19 | 000,002,193 | ---- | M] () -- C:Program FilesMozilla Firefoxsearchpluginsanswers.xml
[2009/11/03 12:41:24 | 000,002,265 | ---- | M] () -- C:Program FilesMozilla Firefoxsearchpluginsavg_igeared.xml
[2008/12/09 11:46:19 | 000,000,947 | ---- | M] () -- C:Program FilesMozilla Firefoxsearchpluginschambers-en-GB.xml
[2008/12/09 11:46:19 | 000,001,534 | ---- | M] () -- C:Program FilesMozilla Firefoxsearchpluginscreativecommons.xml
[2008/12/09 11:46:19 | 000,000,759 | ---- | M] () -- C:Program FilesMozilla FirefoxsearchpluginseBay-en-GB.xml
[2008/12/09 11:46:19 | 000,001,706 | ---- | M] () -- C:Program FilesMozilla Firefoxsearchpluginsgoogle.xml
[2008/12/09 11:46:19 | 000,001,178 | ---- | M] () -- C:Program FilesMozilla Firefoxsearchpluginswikipedia.xml
[2008/12/09 11:46:19 | 000,000,831 | ---- | M] () -- C:Program FilesMozilla Firefoxsearchpluginsyahoo-en-GB.xml

O1 HOSTS File: ([2010/02/01 17:21:54 | 000,000,027 | ---- | M]) - C:WINDOWSsystem32driversetchosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:Program FilesBitComettoolsBitCometBHO_1.1.5.19.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program FilesAVGAVG9avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - No CLSID value found.
O2 - BHO: (Search Helper) - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSearchHelper.dll (Microsoft Corp.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:Program FilesWindows LiveToolbarwltcore.dll (Microsoft Corporation)
O3 - HKLM..Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll (Microsoft Corporation)
O3 - HKLM..Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll File not found
O3 - HKLM..Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll ()
O3 - HKLM..Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPluginsregVeohToolbar.dll File not found
O3 - HKCU..ToolbarShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:WINDOWSsystem32browseui.dll (Microsoft Corporation)
O3 - HKCU..ToolbarShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll File not found
O3 - HKCU..ToolbarWebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:WINDOWSsystem32browseui.dll (Microsoft Corporation)
O3 - HKCU..ToolbarWebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:WINDOWSsystem32shell32.dll (Microsoft Corporation)
O3 - HKCU..ToolbarWebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll (Microsoft Corporation)
O3 - HKCU..ToolbarWebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 7.0AcrobatAcroIEFavClient.dll File not found
O3 - HKCU..ToolbarWebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll ()
O4 - HKLM..Run: [Acrobat Assistant 7.0] C:Program FilesAdobeAcrobat 7.0DistillrAcrotray.exe (Adobe Systems Inc.)
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..Run: [ATICCC] C:Program FilesATI TechnologiesATI.ACEcli.exe (ATI Technologies Inc.)
O4 - HKLM..Run: [AVG9_TRAY] C:Program FilesAVGAVG9avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe (Apple Inc.)
O4 - HKLM..Run: [KernelFaultCheck] File not found
O4 - HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe (Logitech Inc.)
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..Run: [MSConfig] C:WINDOWSpchealthhelpctrBinariesMSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..Run: [nerofiltercheck] C:WINDOWSsystem32NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..Run: [QuickTime Task] C:Program FilesQuickTimeQTTask.exe (Apple Inc.)
O4 - HKLM..Run: [SoundMan] C:WINDOWSSOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.6.0_05binjusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..Run: [TkBellExe] C:Program FilesCommon FilesRealUpdate_OBrealsched.exe (RealNetworks, Inc.)
O4 - HKLM..Run: [UpdatePDRShortCut] C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..Run: [Zune Launcher] C:Program FilesZuneZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..Run: [{EAACC532-30C8-82F2-D22C-C84B3C4EB908}] C:Documents and SettingsBERNIEApplication DataNopientasy.exe (Agnitum Ltd.)
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe (Microsoft Corporation)
O4 - HKCU..Run: [H/PC Connection Agent] C:Program FilesMicrosoft ActiveSyncwcescomm.exe (Microsoft Corporation)
O4 - HKCU..Run: [msnmsgr] C:Program FilesWindows LiveMessengermsnmsgr.exe (Microsoft Corporation)
O4 - HKCU..Run: [Skype] C:Program FilesSkypePhoneSkype.exe (Skype Technologies S.A.)
O4 - HKCU..Run: [uTorrent] C:Program FilesuTorrentuTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..Run: [Veoh] C:Program FilesVeoh NetworksVeohVeohClient.exe (Veoh Networks)
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media Playerwmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..RunOnce: [FFTI] C:Documents and SettingsBERNIEApplication DataMozillaFirefoxProfilesa8bb4h51.defaultextensions{B13721C7-F507-4982-B2E5-502A71474FED}ffti.exe ( )
O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Acrobat Speed Launcher.lnk = C:WINDOWSInstaller{AC76BA86-1033-0000-7760-000000000002}SC_Acrobat.exe ()
O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupMicrosoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE (Microsoft Corporation)
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: dontdisplaylastusername = 0
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticecaption =
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: legalnoticetext =
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: shutdownwithoutlogon = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: undockwithoutlogon = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DisableRegistryTools = 0
O7 - HKCUSoftwarePoliciesMicrosoftInternet Explorercontrol panel present
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0
O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: disableregistrytools = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:Program FilesBitCometBitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:Program FilesBitCometBitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:Program FilesBitCometBitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:Program FilesMicrosoft OfficeOffice10EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binnpjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncINetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncINetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe File not found
O10 - NameSpace_Catalog5Catalog_Entries000000000001 [] - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5Catalog_Entries000000000002 [] - C:WINDOWSsystem32winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5Catalog_Entries000000000003 [] - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9Catalog_Entries000000000001 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000002 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000003 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000004 - C:WINDOWSsystem32rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000005 - C:WINDOWSsystem32rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000006 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000007 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000008 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000009 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000010 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000011 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000012 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000013 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000014 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000015 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000016 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9Catalog_Entries000000000017 - C:WINDOWSsystem32mswsock.dll (Microsoft Corporation)
O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} https://www.promapserver.co.uk/controls/latest/promap.cab (Promap Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:Program FilesAutoCAD LT 2002AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:Program FilesAutoCAD LT 2002AcPreview.ocx (AcPreview Control)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
O18 - ProtocolHandlerabout {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll (Microsoft Corporation)
O18 - ProtocolHandlercdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolHandlerdvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:WINDOWSsystem32msvidctl.dll (Microsoft Corporation)
O18 - ProtocolHandlerfile {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolHandlerftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolHandlergopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolHandlerhttp {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolHandlerhttp0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program FilesCommon FilesSystemOLE DBmsdaipp.dll File not found
O18 - ProtocolHandlerhttpoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program FilesCommon FilesSystemOLE DBmsdaipp.dll File not found
O18 - ProtocolHandlerhttps {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolHandlerhttps0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program FilesCommon FilesSystemOLE DBmsdaipp.dll File not found
O18 - ProtocolHandlerhttpsoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program FilesCommon FilesSystemOLE DBmsdaipp.dll File not found
O18 - ProtocolHandleripp - No CLSID value found
O18 - ProtocolHandleripp0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program FilesCommon FilesSystemOLE DBmsdaipp.dll File not found
O18 - ProtocolHandlerits {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:WINDOWSsystem32itss.dll (Microsoft Corporation)
O18 - ProtocolHandlerjavascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll (Microsoft Corporation)
O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG9avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - ProtocolHandlerlivecall {828030A1-22C1-4009-854F-8E305202313F} - C:Program FilesWindows LiveMessengermsgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - ProtocolHandlerlocal {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolHandlermailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll (Microsoft Corporation)
O18 - ProtocolHandlermhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:WINDOWSsystem32inetcomm.dll (Microsoft Corporation)
O18 - ProtocolHandlermk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolHandlermsdaipp - No CLSID value found
O18 - ProtocolHandlermsdaipp0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:Program FilesCommon FilesSystemOLE DBmsdaipp.dll File not found
O18 - ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:Program FilesCommon FilesSystemOLE DBmsdaipp.dll File not found
O18 - ProtocolHandlerms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:WINDOWSsystem32itss.dll (Microsoft Corporation)
O18 - ProtocolHandlerms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:Program FilesCommon FilesMicrosoft SharedInformation RetrievalMSITSS.DLL (Microsoft Corporation)
O18 - ProtocolHandlermsnim {828030A1-22C1-4009-854F-8E305202313F} - C:Program FilesWindows LiveMessengermsgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - ProtocolHandlermso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:Program FilesCommon FilesMicrosoft SharedWeb Components10OWC10.DLL (Microsoft Corporation)
O18 - ProtocolHandlerres {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll (Microsoft Corporation)
O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program FilesCommon FilesSkypeSkype4COM.dll (Skype Technologies)
O18 - ProtocolHandlersysimage {76E67A63-06E9-11D2-A840-006008059382} - C:WINDOWSsystem32mshtml.dll (Microsoft Corporation)
O18 - ProtocolHandlertv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:WINDOWSsystem32msvidctl.dll (Microsoft Corporation)
O18 - ProtocolHandlervbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:WINDOWSsystem32mshtml.dll (Microsoft Corporation)
O18 - ProtocolHandlerwia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:WINDOWSsystem32wiascr.dll (Microsoft Corporation)
O18 - ProtocolHandlerwlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:Program FilesWindows LiveMailmailcomm.dll (Microsoft Corporation)
O18 - ProtocolFilterapplication/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:WINDOWSSystem32mscoree.dll (Microsoft Corporation)
O18 - ProtocolFilterapplication/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:WINDOWSSystem32mscoree.dll (Microsoft Corporation)
O18 - ProtocolFilterapplication/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:WINDOWSSystem32mscoree.dll (Microsoft Corporation)
O18 - ProtocolFilterClass Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolFilterdeflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolFiltergzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolFilterlzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:WINDOWSsystem32urlmon.dll (Microsoft Corporation)
O18 - ProtocolFiltertext/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:WINDOWSsystem32shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WINDOWSexplorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:windowssystem32userinit.exe) - C:WINDOWSsystem32userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:program filesmicrosoftdesktoplayer.exe) - c:program filesmicrosoftdesktoplayer.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:WINDOWSSystem32logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:WINDOWSSystem32shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:WINDOWSSystem32sysdm.cpl (Microsoft Corporation)
O20 - WinlogonNotifyAtiExtEvent: DllName - Ati2evxx.dll - C:WINDOWSSystem32ati2evxx.dll (ATI Technologies Inc.)
O20 - WinlogonNotifyavgrsstarter: DllName - avgrsstx.dll - C:WINDOWSSystem32avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - WinlogonNotifycrypt32chain: DllName - crypt32.dll - C:WINDOWSSystem32crypt32.dll (Microsoft Corporation)
O20 - WinlogonNotifycryptnet: DllName - cryptnet.dll - C:WINDOWSSystem32cryptnet.dll (Microsoft Corporation)
O20 - WinlogonNotifycscdll: DllName - cscdll.dll - C:WINDOWSSystem32cscdll.dll (Microsoft Corporation)
O20 - WinlogonNotifyScCertProp: DllName - wlnotify.dll - C:WINDOWSSystem32wlnotify.dll (Microsoft Corporation)
O20 - WinlogonNotifySchedule: DllName - wlnotify.dll - C:WINDOWSSystem32wlnotify.dll (Microsoft Corporation)
O20 - WinlogonNotifysclgntfy: DllName - sclgntfy.dll - C:WINDOWSSystem32sclgntfy.dll (Microsoft Corporation)
O20 - WinlogonNotifySensLogn: DllName - WlNotify.dll - C:WINDOWSSystem32wlnotify.dll (Microsoft Corporation)
O20 - WinlogonNotifytermsrv: DllName - wlnotify.dll - C:WINDOWSSystem32wlnotify.dll (Microsoft Corporation)
O20 - WinlogonNotifywlballoon: DllName - wlnotify.dll - C:WINDOWSSystem32wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:WINDOWSsystem32shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:WINDOWSsystem32shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:WINDOWSsystem32stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:WINDOWSsystem32webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:WINDOWSsystem32browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:WINDOWSsystem32browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:Documents and SettingsBERNIELocal SettingsApplication DataMicrosoftWallpaper1.bmp
O24 - Desktop BackupWallPaper: C:Documents and SettingsBERNIELocal SettingsApplication DataMicrosoftWallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:WINDOWSSystem32shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:WINDOWSSystem32msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:WINDOWSSystem32schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:WINDOWSSystem32digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:WINDOWSSystem32msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:WINDOWSSystem32msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:WINDOWSSystem32kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:WINDOWSSystem32msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:WINDOWSSystem32schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:WINDOWSSystem32wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/01 11:49:58 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2{3ff26fc2-4f16-11dc-ad6e-00012e100a95}ShellAutoRuncommand - "" = TTHDHGCDFG-2352-66235-2352322-634621321-6662355364855.exe
O33 - MountPoints2{3ff26fc2-4f16-11dc-ad6e-00012e100a95}Shellopencommand - "" = TTHDHGCDFG-2352-66235-2352322-634621321-6662355364855.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2010/10/10 13:23:50 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsBERNIEDesktopOTL.exe
[2010/10/10 11:04:12 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEApplication DataAVG9
[2010/10/09 19:10:35 | 000,000,000 | ---D | C] -- C:Program Fileswindows
[2010/10/09 19:10:30 | 000,000,000 | ---D | C] -- C:Program Filestmp
[2010/10/09 19:10:27 | 000,000,000 | ---D | C] -- C:Program Filessystem32
[2010/10/09 18:53:38 | 000,000,000 | ---D | C] -- C:32788R22FWJFW
[2010/09/29 22:44:21 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEDesktopSTUDY
[2010/08/15 19:26:03 | 000,000,000 | ---D | C] -- C:Documents and SettingsLocalServiceApplication DataCyberLink
[2010/08/05 18:54:53 | 000,000,000 | ---D | C] -- C:Program FilesSafari
[2010/08/04 12:48:27 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIELocal SettingsApplication Databhw
[2010/08/04 12:48:21 | 000,000,000 | ---D | C] -- C:Program FilesS3 Ripper
[2010/07/31 20:14:35 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEDesktopIPHONE vids
[2010/07/28 12:27:53 | 000,000,000 | ---D | C] -- C:Program FilesApple Software Update
[2010/07/28 12:24:03 | 000,000,000 | ---D | C] -- C:Program FilesBonjour
[2010/07/21 08:30:15 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:WINDOWSSystem32avgrsstx.dll
[2010/07/20 15:32:07 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIELocal SettingsApplication DataLogitech-LS
[2010/07/20 12:06:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32vidcap.ax
[2010/07/20 12:06:06 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32kswdmcap.ax
[2010/07/20 12:06:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32kstvtune.ax
[2010/07/20 12:05:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32vfwwdm32.dll
[2010/07/20 12:05:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32ksxbar.ax
[2010/07/20 11:47:41 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32capicom.dll
[2010/07/20 11:46:58 | 000,471,712 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32driverslvcd.sys
[2010/07/20 11:46:58 | 000,372,736 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32LVUI2RC.dll
[2010/07/20 11:46:58 | 000,204,800 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32LVUI2.dll
[2010/07/20 11:46:58 | 000,204,800 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32LVCodec2.dll
[2010/07/20 11:46:58 | 000,110,592 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32lvcoinst.dll
[2010/07/20 11:46:58 | 000,022,016 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32driversLVUSBSta.sys
[2010/07/20 11:46:57 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesLogitech
[2010/07/20 11:46:54 | 000,462,848 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32LCamCpl.dll
[2010/07/20 11:46:54 | 000,282,624 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32camcpl.cpl
[2010/07/20 11:46:54 | 000,215,552 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32Lvkrn12n.dll
[2010/07/20 11:46:54 | 000,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:WINDOWSSystem32ITIG726.acm
[2010/07/20 11:46:53 | 000,628,736 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32ltocx12n.ocx
[2010/07/20 11:46:53 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32ltscr12n.ocx
[2010/07/20 11:46:49 | 000,856,064 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32Ltwvc12n.dll
[2010/07/20 11:46:49 | 000,466,944 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32QCUI2.dll
[2010/07/20 11:46:49 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32ltkrn12n.dll
[2010/07/20 11:46:49 | 000,328,704 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32LFCMP12n.DLL
[2010/07/20 11:46:49 | 000,259,072 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32LTDIS12n.dll
[2010/07/20 11:46:49 | 000,207,872 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32ltefx12n.dll
[2010/07/20 11:46:49 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32ltimg12n.dll
[2010/07/20 11:46:49 | 000,141,312 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32lftif12n.dll
[2010/07/20 11:46:49 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32ltfil12n.DLL
[2010/07/20 11:46:49 | 000,086,016 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32vatee.ax
[2010/07/20 11:46:49 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32lffax12n.dll
[2010/07/20 11:46:49 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:WINDOWSSystem32lfbmp12n.dll
[2010/07/20 11:46:48 | 000,090,112 | ---- | C] (Logitech Inc.) -- C:WINDOWSSystem32LQCUI2.dll
[2010/07/20 11:46:21 | 000,000,000 | ---D | C] -- C:Program FilesLogitech
[2010/06/12 10:53:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEDesktopmem stick
[2010/06/02 10:27:29 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEDesktopABBEY
[2010/06/02 01:52:49 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEDesktopBASKETBALL
[2010/05/22 12:16:14 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEApplication DataFacebook
[2010/05/18 16:35:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:WINDOWSSystem32dns-sd.exe
[2010/05/18 16:35:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:WINDOWSSystem32dnssd.dll
[2010/05/11 15:27:18 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/26 14:27:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersCyberLink
[2010/03/26 14:20:40 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataSmartSound Software Inc
[2010/03/26 14:20:40 | 000,000,000 | ---D | C] -- C:Program FilesSmartSound Software
[2010/03/18 22:16:16 | 000,094,208 | ---- | C] (Apple Inc.) -- C:WINDOWSSystem32QuickTimeVR.qtx
[2010/03/18 22:16:16 | 000,069,632 | ---- | C] (Apple Inc.) -- C:WINDOWSSystem32QuickTime.qts
[2010/03/05 20:39:47 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataReal
[2010/02/16 09:26:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEDesktopPROGRESS
[2010/02/02 18:19:51 | 000,000,000 | -HSD | C] -- C:RECYCLER
[2010/02/01 17:30:29 | 000,000,000 | ---D | C] -- C:WINDOWStemp
[2010/02/01 16:57:23 | 000,000,000 | RHSD | C] -- C:cmdcons
[2010/02/01 16:54:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:WINDOWSSWXCACLS.exe
[2010/02/01 16:54:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:WINDOWSSWREG.exe
[2010/02/01 16:54:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:WINDOWSSWSC.exe
[2010/02/01 16:54:45 | 000,031,232 | ---- | C] (NirSoft) -- C:WINDOWSNIRCMD.exe
[2010/02/01 16:54:28 | 000,000,000 | ---D | C] -- C:WINDOWSERDNT
[2010/02/01 16:53:09 | 000,000,000 | ---D | C] -- C:Qoobox
[2010/02/01 15:29:18 | 000,214,512 | ---- | C] (Doctor Web, Ltd.) -- C:WINDOWSSystem32driversdwshd.sys
[2010/02/01 15:26:13 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEDoctorWeb
[2010/01/20 08:47:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEApplication DataQyna
[2010/01/13 14:41:31 | 000,000,000 | ---D | C] -- C:Program FilesiTunes
[2010/01/13 14:41:31 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Data{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/13 14:36:27 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:WINDOWSSystem32usbaaplrc.dll
[2009/12/07 11:51:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEMy DocumentsVidaOne
[2009/12/07 11:48:12 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIELocal SettingsApplication DataVidaOne
[2009/12/07 11:48:11 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEApplication DataVidaOne
[2009/12/07 11:47:52 | 000,000,000 | ---D | C] -- C:Program FilesVidaOne
[2009/11/19 19:23:41 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEApplication DataNitro PDF
[2009/11/19 19:20:50 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:WINDOWSSystem32nitrolocalmon.dll
[2009/11/19 19:20:50 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:WINDOWSSystem32nitrolocalui.dll
[2009/11/19 19:20:36 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesNitro PDF
[2009/11/19 19:20:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataNitro PDF
[2009/11/19 19:20:34 | 000,000,000 | ---D | C] -- C:Program FilesNitro PDF
[2009/11/19 19:19:04 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEApplication DataDownloaded Installations
[2009/11/19 14:56:20 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataAdobe
[2009/11/17 23:14:57 | 000,000,000 | ---D | C] -- C:Documents and SettingsLocalServiceApplication DataAdobeUM
[2009/11/06 11:05:54 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIETracing
[2009/11/06 11:02:29 | 000,054,752 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32driversfssfltr_tdi.sys
[2009/11/06 11:02:02 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Sync Framework
[2009/11/06 11:01:26 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:WINDOWSSystem32d3dx9_32.dll
[2009/11/06 11:01:21 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft SQL Server Compact Edition
[2009/11/06 10:59:55 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft
[2009/11/06 10:59:43 | 000,000,000 | ---D | C] -- C:Program FilesWindows Live SkyDrive
[2009/11/06 10:53:26 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesWindows Live
[2009/11/03 12:40:34 | 000,000,000 | ---D | C] -- C:$AVG
[2009/11/03 12:39:57 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:WINDOWSSystem32driversavgtdix.sys
[2009/11/03 12:39:56 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Dataavg9
[2009/10/21 17:10:02 | 000,000,000 | ---D | C] -- C:Documents and SettingsBERNIEApplication DataDivX
[2009/10/21 16:41:00 | 000,120,056 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxcpyi64.exe
[2009/10/21 16:41:00 | 000,118,520 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxinsi64.exe
[2009/10/21 16:41:00 | 000,066,296 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxcpya64.exe
[2009/10/21 16:41:00 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxinsa64.exe
[2009/10/21 16:41:00 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32driverscdralw2k.sys
[2009/10/21 16:41:00 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32driverscdr4_xp.sys
[2009/10/21 16:40:59 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxsfs.dll
[2009/10/21 16:40:59 | 000,551,672 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32px.dll
[2009/10/21 16:40:59 | 000,518,904 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxdrv.dll
[2009/10/21 16:40:59 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxwave.dll
[2009/10/21 16:40:59 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxmas.dll
[2009/10/21 16:40:59 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxafs.dll
[2009/10/21 16:40:59 | 000,088,824 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32vxblock.dll
[2009/10/21 16:40:59 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:WINDOWSSystem32pxhpinst.exe
[2009/10/21 16:35:57 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesDivX Shared
[8 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]
[10 C:Documents and SettingsBERNIEMy Documents*.tmp files -> C:Documents and SettingsBERNIEMy Documents*.tmp -> ]
[1 C:WINDOWSSystem32drivers*.tmp files -> C:WINDOWSSystem32drivers*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2010/10/10 13:30:09 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat
[2010/10/10 13:29:14 | 012,058,624 | -H-- | M] () -- C:Documents and SettingsBERNIENTUSER.DAT
[2010/10/10 13:29:14 | 000,000,278 | -HS- | M] () -- C:Documents and SettingsBERNIEntuser.ini
[2010/10/10 13:23:58 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsBERNIEDesktopOTL.exe
[2010/10/10 11:01:57 | 000,000,670 | ---- | M] () -- C:WINDOWSwin.ini
[2010/10/10 11:01:57 | 000,000,229 | RHS- | M] () -- C:boot.ini
[2010/10/10 11:01:57 | 000,000,227 | ---- | M] () -- C:WINDOWSsystem.ini
[2010/10/10 11:00:54 | 000,000,006 | -H-- | M] () -- C:WINDOWStasksSA.DAT
[2010/10/09 15:57:34 | 000,019,456 | ---- | M] () -- C:Documents and SettingsBERNIELocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/08 21:47:11 | 000,012,674 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl
[2010/10/08 21:17:33 | 000,293,376 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopjg98hrmx.exe
[2010/10/08 09:23:07 | 065,743,803 | ---- | M] () -- C:WINDOWSSystem32driversAvgincavi.avm
[2010/10/07 15:30:13 | 000,002,137 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopiTunes.lnk
[2010/10/07 14:50:34 | 000,026,112 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopI AM A CHAMPION.doc
[2010/10/06 14:42:17 | 000,046,803 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopbench 4.jpg
[2010/10/06 14:29:01 | 000,046,651 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopbench 3.jpg
[2010/10/06 14:26:27 | 000,048,273 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopbench 2.jpg
[2010/10/06 14:23:28 | 000,053,115 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopbench 1.jpg
[2010/10/06 13:06:56 | 003,767,828 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopI_will.mp3
[2010/10/06 07:14:06 | 000,000,284 | ---- | M] () -- C:WINDOWStasksAppleSoftwareUpdate.job
[2010/10/04 12:58:14 | 000,008,224 | ---- | M] () -- C:WINDOWSSystem32GDIPFONTCACHEV1.DAT
[2010/09/28 21:00:43 | 001,821,544 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopmuscular anatomy.jpg
[2010/09/28 20:43:37 | 000,004,592 | ---- | M] () -- C:WINDOWSDESGNJT2.INI
[2010/09/28 20:40:59 | 001,520,729 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopSkeletal anatomy.jpg
[2010/09/28 18:35:40 | 000,683,134 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopGym Course Paperwork.zip
[2010/09/27 11:25:43 | 000,039,424 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopItchen Workout week 1-3.xls
[2010/09/27 11:24:17 | 000,009,775 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopItchen lower body week 1-3.pdf
[2010/09/27 11:14:42 | 000,010,308 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopItchen Upper body week 1-3.pdf
[2010/09/27 11:12:05 | 000,027,648 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCopy of Itchen Legs week 1-3.xls
[2010/09/23 15:01:49 | 000,017,920 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCopy of coaching schedule-1.xls
[2010/09/21 00:30:00 | 000,025,088 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopAbbey dispute loan.doc
[2010/09/20 00:52:53 | 000,009,380 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopItchen Legs week 1-3.pdf
[2010/09/19 23:57:50 | 000,056,680 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsMarketing Plan Expressions of Interest.pdf
[2010/09/19 23:31:42 | 000,071,725 | ---- | M] () -- C:Documents and SettingsBERNIEDesktop24BW030910.pdf
[2010/09/17 12:04:25 | 000,269,365 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopimg097.pdf
[2010/09/15 11:07:18 | 013,825,208 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_4.mp4
[2010/09/15 11:04:47 | 000,004,897 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_4.THM
[2010/09/15 10:42:03 | 061,229,348 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsSmithy-receives-coach-of-the-year-award[www.savevid.com].mp4
[2010/09/14 17:13:29 | 000,016,384 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopfitness test.xls
[2010/09/11 13:53:05 | 594,497,996 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopinterval.avi
[2010/09/11 03:22:02 | 594,185,984 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopevolution.avi
[2010/09/10 18:17:07 | 603,461,472 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCNS.avi
[2010/09/10 14:29:48 | 000,209,754 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopYell.jpg
[2010/09/10 13:40:17 | 1040,234,508 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopAPD3.avi
[2010/09/10 05:09:04 | 1007,922,040 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopAPD2.avi
[2010/09/09 19:38:28 | 950,036,612 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopAPD1.avi
[2010/09/06 20:19:11 | 000,866,157 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopppi.zip
[2010/09/06 10:57:46 | 000,095,269 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopKestrels in the community.pdf
[2010/09/06 10:57:37 | 000,158,147 | ---- | M] () -- C:WINDOWSSystem32PAPERLESSPRINTER
[2010/09/06 08:34:33 | 000,391,680 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopKestrelsinthecommunity.doc
[2010/09/04 23:54:36 | 714,938,748 | ---- | M] () -- C:Documents and SettingsBERNIEDesktop3(2).avi
[2010/09/03 16:13:23 | 641,827,994 | ---- | M] () -- C:Documents and SettingsBERNIEDesktop2.avi
[2010/09/03 13:42:25 | 000,048,128 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopContacts PLTs.xls
[2010/09/03 00:04:11 | 437,932,504 | ---- | M] () -- C:Documents and SettingsBERNIEDesktop1.avi
[2010/09/01 10:46:31 | 040,235,328 | ---- | M] () -- C:Documents and SettingsBERNIELocal SettingsApplication Dataprvlcl.dat
[2010/08/31 23:34:08 | 003,328,000 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopApplicationForm solent.doc
[2010/08/31 23:33:02 | 000,125,912 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopBernard Grant - Application Form Sports Development Officer.pdf
[2010/08/31 19:14:17 | 003,319,808 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopApplicationForm.doc
[2010/08/31 08:34:49 | 000,000,932 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopNero Online Upgrade.lnk
[2010/08/30 19:34:46 | 000,208,863 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopTodd_Massey_-_Black_Market_Report_On_Ephedrine.pdf
[2010/08/24 22:08:14 | 313,524,224 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopagility.z01
[2010/08/24 09:15:06 | 313,524,224 | ---- | M] () -- C:Documents and SettingsBERNIEMy Documentszipped.z01
[2010/08/24 08:44:37 | 102,448,463 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopagility.zip
[2010/08/22 19:13:12 | 001,494,515 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopbev-flyer-back23-27(2).pdf
[2010/08/21 08:15:43 | 021,900,952 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopStudy_Guide_-_Questions.PDF
[2010/08/20 22:47:55 | 003,312,475 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopIntroduction_and_Table_of_Contents.PDF
[2010/08/20 22:26:52 | 007,897,571 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh11_-_Injury_Prevention_and_Emergency_Procedures.PDF
[2010/08/20 22:00:00 | 013,970,947 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh10_-_Exercise_and_Pregnancy.PDF
[2010/08/20 21:09:19 | 010,611,346 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh9_-_Disabilities_and_Health_Limitations.PDF
[2010/08/20 19:08:07 | 008,015,450 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh8_-_Adherence_and_Motivation.PDF
[2010/08/20 18:08:42 | 010,781,668 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh7_-_Teaching_a_Group_Exercise_Class.PDF
[2010/08/20 17:20:14 | 015,619,676 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh6_-_Group_Exercise_Program_Design.PDF
[2010/08/20 16:57:17 | 004,295,270 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh5_-_Health_Screening.PDF
[2010/08/20 16:36:56 | 011,908,041 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh4_-_Introduction_to_Nutrition.PDF
[2010/08/20 16:18:04 | 000,002,187 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopSafari.lnk
[2010/08/20 16:16:34 | 011,871,912 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh3_-_Fundamentals_of_Applied_Kinesiolgoy.PDF
[2010/08/20 15:34:44 | 014,393,127 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh2_-_Fundamentals_of_Anatomy.PDF
[2010/08/20 15:10:17 | 012,422,112 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCh1_-_Exercise_Physiology.PDF
[2010/08/18 21:37:16 | 001,141,505 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopHotmail.zip
[2010/08/18 14:48:33 | 000,910,848 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopInvoice.005 Youth Games.doc
[2010/08/16 17:18:22 | 000,022,240 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsISO1_DVD.nri
[2010/08/15 19:58:56 | 001,494,515 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopbev-flyer-back23-27.pdf
[2010/08/15 19:26:03 | 097,877,584 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce.mpg
[2010/08/15 15:47:49 | 000,048,972 | -H-- | M] () -- C:WINDOWSSystem32mlfcache.dat
[2010/08/12 21:40:46 | 010,689,353 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_3.mp4
[2010/08/12 21:39:10 | 000,004,107 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_3.THM
[2010/08/06 12:22:29 | 033,473,800 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopPre-Season Workouts 2008 Alcoa [www.keepvid.com].mp4
[2010/08/05 19:43:25 | 000,102,032 | ---- | M] () -- C:WINDOWShpoins04.dat
[2010/08/05 18:55:00 | 000,001,854 | ---- | M] () -- C:Documents and SettingsBERNIEApplication DataMicrosoftInternet ExplorerQuick LaunchApple Safari.lnk
[2010/08/05 16:41:51 | 023,835,534 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_2.mp4
[2010/08/05 16:37:28 | 000,004,640 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_2.THM
[2010/08/04 14:34:13 | 000,000,092 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsDefault.PLS
[2010/08/04 12:48:22 | 000,000,635 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopS3 Ripper.lnk
[2010/08/02 16:53:21 | 036,199,722 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_1.mp4
[2010/08/02 16:46:29 | 000,005,605 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_1.THM
[2010/07/31 19:15:42 | 010,331,110 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_0.mp4
[2010/07/31 19:13:47 | 000,004,529 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_0.THM
[2010/07/28 12:38:41 | 000,001,604 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopQuickTime Player.lnk
[2010/07/25 20:59:26 | 019,473,201 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopvlc-1.1.1-win32.exe
[2010/07/22 23:23:50 | 011,147,875 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce.mp4
[2010/07/22 23:22:09 | 000,007,727 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsProduce.THM
[2010/07/21 08:30:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:WINDOWSSystem32driversavgtdix.sys
[2010/07/21 08:30:15 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:WINDOWSSystem32avgrsstx.dll
[2010/07/21 08:29:39 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:WINDOWSSystem32driversavgldx86.sys
[2010/07/20 11:47:42 | 000,001,644 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopLogitech QuickCam.lnk
[2010/07/12 13:44:08 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:WINDOWSSystem32driversavgmfx86.sys
[2010/06/02 01:07:52 | 000,024,385 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsPrivacy Policy - B G BUILDI...pdf
[2010/06/02 01:06:44 | 000,019,893 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsB G BUILDING DESIGN & DEVEL conditions.pdf
[2010/06/02 01:06:06 | 000,014,662 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopArchitects - Building and Planning.pdf
[2010/06/02 01:05:05 | 000,014,245 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopB G BUILDING DESIGN & DEVEL house ext.pdf
[2010/06/02 01:03:49 | 000,014,240 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopB G BUILDING DESIGN & DEVEL...pdf
[2010/06/02 01:02:51 | 000,040,685 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopArchitects - Building and P...pdf
[2010/05/18 16:35:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:WINDOWSSystem32dns-sd.exe
[2010/05/18 16:35:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:WINDOWSSystem32dnssd.dll
[2010/04/19 20:47:44 | 003,062,048 | ---- | M] (Apple, Inc.) -- C:WINDOWSSystem32usbaaplrc.dll
[2010/04/10 18:14:06 | 000,512,978 | ---- | M] () -- C:WINDOWSSystem32PerfStringBackup.INI
[2010/04/10 18:14:06 | 000,436,258 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat
[2010/04/10 18:14:06 | 000,069,946 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat
[2010/04/10 18:10:06 | 000,001,961 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCyberLink PowerDirector.lnk
[2010/04/10 18:09:21 | 000,231,984 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT
[2010/03/26 14:47:47 | 000,921,654 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsSnapshot.bmp
[2010/03/26 14:30:29 | 000,060,824 | ---- | M] () -- C:Documents and SettingsBERNIELocal SettingsApplication DataGDIPFONTCACHEV1.DAT
[2010/03/18 22:16:16 | 000,094,208 | ---- | M] (Apple Inc.) -- C:WINDOWSSystem32QuickTimeVR.qtx
[2010/03/18 22:16:16 | 000,069,632 | ---- | M] (Apple Inc.) -- C:WINDOWSSystem32QuickTime.qts
[2010/03/12 17:10:26 | 000,017,830 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsFernlealocationplan1-1250.pdf
[2010/02/01 17:21:54 | 000,000,027 | ---- | M] () -- C:WINDOWSSystem32driversetchosts
[2010/02/01 15:46:17 | 003,842,638 | R--- | M] () -- C:Documents and SettingsBERNIEDesktopComboFix.exe
[2010/02/01 15:29:18 | 000,214,512 | ---- | M] (Doctor Web, Ltd.) -- C:WINDOWSSystem32driversdwshd.sys
[2010/02/01 14:32:11 | 000,000,000 | ---- | M] () -- C:WINDOWSSystem32drivers25a3b05b.sys
[2010/01/20 10:18:20 | 000,142,495 | ---- | M] () -- C:WINDOWSSystem32driversAvgmicroavi.avg
[2009/12/09 23:54:07 | 000,261,632 | ---- | M] () -- C:WINDOWSPEV.exe
[2009/12/07 11:48:11 | 000,000,474 | ---- | M] () -- C:WINDOWSODBC.INI
[2009/12/03 16:18:21 | 000,000,099 | ---- | M] () -- C:WINDOWSVPPLAYS.INI
[2009/11/22 11:02:46 | 000,000,211 | ---- | M] () -- C:Boot.bak
[2009/11/19 19:20:45 | 000,001,762 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopNitro PDF Professional.lnk
[2009/11/19 16:50:49 | 000,000,648 | ---- | M] () -- C:Documents and SettingsBERNIEApplication DataMicrosoftInternet ExplorerQuick LaunchµTorrent.lnk
[2009/11/19 16:50:49 | 000,000,630 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopµTorrent.lnk
[2009/11/19 14:56:46 | 000,001,734 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAdobe Acrobat 7.0 Professional.lnk
[2009/11/09 08:52:00 | 000,030,208 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopCopy of Copy of Sutton Scotney work list.xls
[2009/11/06 11:00:40 | 000,000,904 | ---- | M] () -- C:Documents and SettingsBERNIEMy DocumentsMy Sharing Folders.lnk
[2009/11/03 12:40:11 | 000,001,507 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAVG Free 9.0.lnk
[2009/11/03 12:39:57 | 000,113,461 | ---- | M] () -- C:WINDOWSSystem32driversAvgiavichjw.avm
[2009/11/03 11:31:30 | 000,000,000 | ---- | M] () -- C:WINDOWSSystem32lewpwh
[2009/10/25 07:11:34 | 000,077,312 | ---- | M] () -- C:WINDOWSMBR.exe
[2009/10/21 16:41:05 | 000,000,795 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopDivX Player.lnk
[2009/10/21 16:40:55 | 000,000,831 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopDivX Converter.lnk
[2009/10/21 16:39:50 | 000,001,472 | ---- | M] () -- C:Documents and SettingsBERNIEDesktopDivX Movies.lnk
[8 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]
[10 C:Documents and SettingsBERNIEMy Documents*.tmp files -> C:Documents and SettingsBERNIEMy Documents*.tmp -> ]
[1 C:WINDOWSSystem32drivers*.tmp files -> C:WINDOWSSystem32drivers*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/08 21:17:30 | 000,293,376 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopjg98hrmx.exe
[2010/10/07 14:50:34 | 000,026,112 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopI AM A CHAMPION.doc
[2010/10/06 14:42:17 | 000,046,803 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopbench 4.jpg
[2010/10/06 14:29:01 | 000,046,651 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopbench 3.jpg
[2010/10/06 14:26:27 | 000,048,273 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopbench 2.jpg
[2010/10/06 14:23:28 | 000,053,115 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopbench 1.jpg
[2010/10/06 13:05:30 | 003,767,828 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopI_will.mp3
[2010/09/28 21:00:42 | 001,821,544 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopmuscular anatomy.jpg
[2010/09/28 20:40:58 | 001,520,729 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopSkeletal anatomy.jpg
[2010/09/28 18:35:39 | 000,683,134 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopGym Course Paperwork.zip
[2010/09/27 11:19:56 | 000,009,775 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopItchen lower body week 1-3.pdf
[2010/09/27 11:14:42 | 000,010,308 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopItchen Upper body week 1-3.pdf
[2010/09/27 11:12:28 | 000,039,424 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopItchen Workout week 1-3.xls
[2010/09/23 13:34:08 | 000,017,920 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCopy of coaching schedule-1.xls
[2010/09/21 00:09:30 | 000,025,088 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopAbbey dispute loan.doc
[2010/09/20 00:50:25 | 000,009,380 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopItchen Legs week 1-3.pdf
[2010/09/20 00:44:09 | 000,027,648 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCopy of Itchen Legs week 1-3.xls
[2010/09/19 23:57:50 | 000,056,680 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsMarketing Plan Expressions of Interest.pdf
[2010/09/19 23:31:31 | 000,071,725 | ---- | C] () -- C:Documents and SettingsBERNIEDesktop24BW030910.pdf
[2010/09/17 12:04:25 | 000,269,365 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopimg097.pdf
[2010/09/15 11:04:47 | 013,825,208 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_4.mp4
[2010/09/15 11:04:47 | 000,004,897 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_4.THM
[2010/09/15 10:27:34 | 061,229,348 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsSmithy-receives-coach-of-the-year-award[www.savevid.com].mp4
[2010/09/13 13:56:07 | 000,016,384 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopfitness test.xls
[2010/09/11 11:01:40 | 594,497,996 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopinterval.avi
[2010/09/11 01:15:47 | 594,185,984 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopevolution.avi
[2010/09/10 16:29:43 | 603,461,472 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCNS.avi
[2010/09/10 14:29:47 | 000,209,754 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopYell.jpg
[2010/09/10 08:16:39 | 1040,234,508 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopAPD3.avi
[2010/09/10 01:11:29 | 1007,922,040 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopAPD2.avi
[2010/09/09 17:00:15 | 950,036,612 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopAPD1.avi
[2010/09/06 20:18:53 | 000,866,157 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopppi.zip
[2010/09/06 10:57:45 | 000,095,269 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopKestrels in the community.pdf
[2010/09/06 08:34:03 | 000,391,680 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopKestrelsinthecommunity.doc
[2010/09/03 19:06:52 | 714,938,748 | ---- | C] () -- C:Documents and SettingsBERNIEDesktop3(2).avi
[2010/09/03 13:42:01 | 000,048,128 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopContacts PLTs.xls
[2010/09/03 09:35:25 | 641,827,994 | ---- | C] () -- C:Documents and SettingsBERNIEDesktop2.avi
[2010/09/02 23:00:32 | 437,932,504 | ---- | C] () -- C:Documents and SettingsBERNIEDesktop1.avi
[2010/08/31 23:22:29 | 000,125,912 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopBernard Grant - Application Form Sports Development Officer.pdf
[2010/08/31 23:13:57 | 003,328,000 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopApplicationForm solent.doc
[2010/08/31 15:54:35 | 003,319,808 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopApplicationForm.doc
[2010/08/30 19:34:37 | 000,208,863 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopTodd_Massey_-_Black_Market_Report_On_Ephedrine.pdf
[2010/08/24 19:29:08 | 313,524,224 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopagility.z01
[2010/08/24 08:18:44 | 313,524,224 | ---- | C] () -- C:Documents and SettingsBERNIEMy Documentszipped.z01
[2010/08/24 08:16:12 | 102,448,463 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopagility.zip
[2010/08/22 19:11:36 | 001,494,515 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopbev-flyer-back23-27(2).pdf
[2010/08/21 08:09:10 | 021,900,952 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopStudy_Guide_-_Questions.PDF
[2010/08/20 22:45:48 | 003,312,475 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopIntroduction_and_Table_of_Contents.PDF
[2010/08/20 22:23:25 | 007,897,571 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh11_-_Injury_Prevention_and_Emergency_Procedures.PDF
[2010/08/20 21:54:09 | 013,970,947 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh10_-_Exercise_and_Pregnancy.PDF
[2010/08/20 21:05:21 | 010,611,346 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh9_-_Disabilities_and_Health_Limitations.PDF
[2010/08/20 19:04:05 | 008,015,450 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh8_-_Adherence_and_Motivation.PDF
[2010/08/20 18:02:52 | 010,781,668 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh7_-_Teaching_a_Group_Exercise_Class.PDF
[2010/08/20 17:14:12 | 015,619,676 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh6_-_Group_Exercise_Program_Design.PDF
[2010/08/20 16:55:40 | 004,295,270 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh5_-_Health_Screening.PDF
[2010/08/20 16:31:38 | 011,908,041 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh4_-_Introduction_to_Nutrition.PDF
[2010/08/20 16:11:12 | 011,871,912 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh3_-_Fundamentals_of_Applied_Kinesiolgoy.PDF
[2010/08/20 15:29:23 | 014,393,127 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh2_-_Fundamentals_of_Anatomy.PDF
[2010/08/20 15:05:30 | 012,422,112 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCh1_-_Exercise_Physiology.PDF
[2010/08/18 21:35:29 | 001,141,505 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopHotmail.zip
[2010/08/18 14:48:22 | 000,910,848 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopInvoice.005 Youth Games.doc
[2010/08/16 17:18:22 | 000,022,240 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsISO1_DVD.nri
[2010/08/16 17:08:40 | 000,000,932 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopNero Online Upgrade.lnk
[2010/08/15 19:58:45 | 001,494,515 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopbev-flyer-back23-27.pdf
[2010/08/15 19:19:09 | 097,877,584 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce.mpg
[2010/08/12 21:39:10 | 010,689,353 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_3.mp4
[2010/08/12 21:39:10 | 000,004,107 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_3.THM
[2010/08/06 12:11:13 | 033,473,800 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopPre-Season Workouts 2008 Alcoa [www.keepvid.com].mp4
[2010/08/05 19:40:59 | 000,102,033 | ---- | C] () -- C:WINDOWShpoins04.dat.temp
[2010/08/05 19:40:58 | 000,017,218 | ---- | C] () -- C:WINDOWShpomdl04.dat.temp
[2010/08/05 18:55:00 | 000,002,187 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopSafari.lnk
[2010/08/05 18:55:00 | 000,001,854 | ---- | C] () -- C:Documents and SettingsBERNIEApplication DataMicrosoftInternet ExplorerQuick LaunchApple Safari.lnk
[2010/08/05 16:37:28 | 023,835,534 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_2.mp4
[2010/08/05 16:37:28 | 000,004,640 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_2.THM
[2010/08/04 12:48:22 | 000,000,635 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopS3 Ripper.lnk
[2010/08/02 16:46:29 | 036,199,722 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_1.mp4
[2010/08/02 16:46:29 | 000,005,605 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_1.THM
[2010/07/31 19:13:47 | 010,331,110 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_0.mp4
[2010/07/31 19:13:47 | 000,004,529 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce_0.THM
[2010/07/28 12:47:00 | 000,002,137 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopiTunes.lnk
[2010/07/28 12:38:41 | 000,001,604 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopQuickTime Player.lnk
[2010/07/28 12:28:01 | 000,000,284 | ---- | C] () -- C:WINDOWStasksAppleSoftwareUpdate.job
[2010/07/25 20:54:07 | 019,473,201 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopvlc-1.1.1-win32.exe
[2010/07/22 23:22:09 | 011,147,875 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce.mp4
[2010/07/22 23:22:09 | 000,007,727 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsProduce.THM
[2010/07/20 11:47:42 | 000,001,644 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopLogitech QuickCam.lnk
[2010/07/20 11:47:05 | 000,053,248 | R--- | C] () -- C:WINDOWSSystem32InstMed.exe
[2010/07/20 11:46:58 | 000,005,993 | ---- | C] () -- C:WINDOWSSystem32lvcoinst.ini
[2010/06/02 01:07:46 | 000,024,385 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsPrivacy Policy - B G BUILDI...pdf
[2010/06/02 01:06:44 | 000,019,893 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsB G BUILDING DESIGN & DEVEL conditions.pdf
[2010/06/02 01:06:06 | 000,014,662 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopArchitects - Building and Planning.pdf
[2010/06/02 01:05:05 | 000,014,245 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopB G BUILDING DESIGN & DEVEL house ext.pdf
[2010/06/02 01:03:44 | 000,014,240 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopB G BUILDING DESIGN & DEVEL...pdf
[2010/06/02 01:02:44 | 000,040,685 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopArchitects - Building and P...pdf
[2010/04/10 18:10:08 | 000,001,961 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCyberLink PowerDirector.lnk
[2010/03/26 14:47:47 | 000,921,654 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsSnapshot.bmp
[2010/03/12 17:10:26 | 000,017,830 | ---- | C] () -- C:Documents and SettingsBERNIEMy DocumentsFernlealocationplan1-1250.pdf
[2010/02/01 16:57:31 | 000,000,211 | ---- | C] () -- C:Boot.bak
[2010/02/01 16:57:25 | 000,260,272 | ---- | C] () -- C:cmldr
[2010/02/01 16:54:45 | 000,261,632 | ---- | C] () -- C:WINDOWSPEV.exe
[2010/02/01 16:54:45 | 000,098,816 | ---- | C] () -- C:WINDOWSsed.exe
[2010/02/01 16:54:45 | 000,080,412 | ---- | C] () -- C:WINDOWSgrep.exe
[2010/02/01 16:54:45 | 000,077,312 | ---- | C] () -- C:WINDOWSMBR.exe
[2010/02/01 16:54:45 | 000,068,096 | ---- | C] () -- C:WINDOWSzip.exe
[2010/02/01 15:46:03 | 003,842,638 | R--- | C] () -- C:Documents and SettingsBERNIEDesktopComboFix.exe
[2010/01/14 16:11:15 | 000,048,972 | -H-- | C] () -- C:WINDOWSSystem32mlfcache.dat
[2009/11/19 19:20:45 | 000,001,762 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopNitro PDF Professional.lnk
[2009/11/19 16:50:49 | 000,000,630 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopµTorrent.lnk
[2009/11/19 14:56:46 | 000,002,335 | ---- | C] () -- C:Documents and SettingsAll UsersStart MenuProgramsStartupAdobe Acrobat Speed Launcher.lnk
[2009/11/16 12:48:59 | 040,235,328 | ---- | C] () -- C:Documents and SettingsBERNIELocal SettingsApplication Dataprvlcl.dat
[2009/11/09 08:52:00 | 000,030,208 | ---- | C] () -- C:Documents and SettingsBERNIEDesktopCopy of Copy of Sutton Scotney work list.xls
[2009/11/03 12:40:11 | 000,001,507 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopAVG Free 9.0.lnk
[2009/11/03 11:31:30 | 000,000,000 | ---- | C] () -- C:WINDOWSSystem32lewpwh
[2009/10/21 16:41:05 | 000,000,795 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopDivX Player.lnk
[2009/10/21 16:40:55 | 000,000,831 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopDivX Converter.lnk
[2009/08/24 12:19:54 | 000,000,000 | ---- | C] () -- C:WINDOWSSystem32drivers25a3b05b.sys
[2009/07/27 15:23:53 | 000,000,099 | ---- | C] () -- C:WINDOWSVPPLAYS.INI
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:WINDOWSSystem32ICCProfiles.dll
[2008/07/09 10:10:21 | 000,004,592 | ---- | C] () -- C:WINDOWSDESGNJT2.INI
[2008/04/18 14:16:18 | 000,007,922 | ---- | C] () -- C:Documents and SettingsAll UsersApplication Datahpzinstall.log
[2008/01/15 10:44:47 | 000,001,755 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataQTSBandwidthCache
[2007/06/23 09:22:55 | 000,000,736 | ---- | C] () -- C:WINDOWSDigimaxMaster.INI
[2007/03/03 17:03:11 | 000,002,508 | ---- | C] () -- C:Documents and SettingsLocalServiceApplication Data$_hpcst$.hpc
[2007/02/28 23:14:27 | 000,095,744 | ---- | C] () -- C:Documents and SettingsNetworkServiceLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/28 22:53:51 | 000,552,960 | ---- | C] () -- C:WINDOWSSystem32xvidcore.dll
[2007/02/28 22:53:51 | 000,159,744 | ---- | C] () -- C:WINDOWSSystem32xvidvfw.dll
[2006/11/07 13:34:29 | 000,002,508 | -H-- | C] () -- C:Documents and SettingsBERNIEApplication Data$_hpcst$.hpc
[2006/06/21 20:15:25 | 000,000,474 | ---- | C] () -- C:WINDOWSODBC.INI
[2006/06/05 19:35:20 | 000,000,116 | ---- | C] () -- C:WINDOWSNeroDigital.ini
[2006/06/05 15:13:30 | 000,019,456 | ---- | C] () -- C:Documents and SettingsBERNIELocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/05 11:58:44 | 000,000,000 | ---- | C] () -- C:WINDOWSOpPrintServer.INI
[2006/06/05 11:44:35 | 000,079,360 | ---- | C] () -- C:WINDOWSSystem32acdbres.dll
[2006/06/05 11:22:08 | 000,000,129 | ---- | C] () -- C:Documents and SettingsBERNIELocal SettingsApplication Datafusioncache.dat
[2006/06/01 13:53:27 | 000,000,061 | ---- | C] () -- C:WINDOWSsmscfg.ini
[2006/05/11 11:57:21 | 000,000,188 | ---- | C] () -- C:WINDOWSSystem32oeminfo.ini
[2006/05/11 11:56:53 | 000,135,168 | ---- | C] () -- C:WINDOWSSystem32RTLCPAPI.dll
[2000/09/18 16:50:28 | 000,202,752 | ---- | C] () -- C:WINDOWSSystem32Zlib.dll

========== LOP Check ==========

[2009/06/16 14:14:58 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataAVG Security Toolbar
[2010/10/09 15:52:37 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Dataavg9
[2009/01/16 11:47:01 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataGrisoft
[2009/11/19 19:20:36 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataNitro PDF
[2008/02/29 12:49:26 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataNokia
[2008/10/07 01:29:50 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datanonmribk
[2008/02/29 13:00:57 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPC Suite
[2010/03/26 14:21:23 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataSmartSound Software Inc
[2010/03/26 16:32:32 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTEMP
[2010/05/11 15:28:08 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/13 14:42:22 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/02/28 22:21:47 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data~0
[2009/05/27 18:17:55 | 000,000,000 | -H-D | M] -- C:Documents and SettingsBERNIEApplication DataaAvgApi
[2006/06/07 11:19:46 | 000,000,000 | -H-D | M] -- C:Documents and SettingsBERNIEApplication DataAutodesk
[2010/10/10 11:04:12 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataAVG9
[2009/11/19 19:19:04 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataDownloaded Installations
[2009/07/17 19:33:23 | 000,000,000 | -H-D | M] -- C:Documents and SettingsBERNIEApplication DataeBookPro6
[2010/10/08 21:40:38 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataEwysn
[2010/10/08 18:34:43 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataFacebook
[2010/10/08 20:19:54 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataFileZilla
[2008/07/21 11:00:50 | 000,000,000 | -H-D | M] -- C:Documents and SettingsBERNIEApplication DataGrabIt
[2009/03/16 23:22:57 | 000,000,000 | -H-D | M] -- C:Documents and SettingsBERNIEApplication DataImgBurn
[2010/10/02 00:45:21 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataNitro PDF
[2008/02/29 12:52:01 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataNokia
[2008/09/01 19:57:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataNopien
[2010/01/14 12:07:20 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataNSeries
[2010/10/08 18:04:55 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataOdevk
[2010/01/14 12:07:59 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataPC Suite
[2010/10/10 10:55:04 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataQyna
[2007/06/23 09:09:21 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataSamsung
[2008/04/24 14:52:17 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataThunderbird
[2010/10/10 11:16:54 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DatauTorrent
[2009/12/07 11:48:11 | 000,000,000 | ---D | M] -- C:Documents and SettingsBERNIEApplication DataVidaOne

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:Documents and SettingsAll UsersApplication DataTEMP:4B7BEAFF
< End of report >

Edited by Orange Blossom, 12 October 2010 - 11:24 PM.
Merged 2 posts. ~ OB




#2 bgm_co


Posted 10 October 2010 - 08:16 AM

OTL logfile created on: 10/10/2010 14:13:20 - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\BERNIE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 177.75 Gb Free Space | 38.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESIGNWORK
Current User Name: BERNIE
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BERNIE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\BERNIE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nitrodriverreadspool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (seaport) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (ijst) -- C:\WINDOWS\System32\drivers\oqmsd.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avgtdix) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (25a3b05b) -- C:\WINDOWS\System32\drivers\25a3b05b.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (m5288) -- C:\WINDOWS\system32\drivers\m5288.sys (ULi Electronics Inc.)
DRV - (si3112r) -- C:\WINDOWS\system32\drivers\si3112r.sys (Silicon Image, Inc.)
DRV - (SiWinAcc) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://publicaccess.testvalley.gov.uk/publ...searchform.aspx
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.zurich.co.uk/buildingguarantee/index.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/10/02 21:34:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/16 23:50:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 03:01:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/15 10:01:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/09 17:57:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/28 12:38:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/09 17:57:38 | 000,000,000 | ---D | M]

[2008/12/09 11:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Extensions
[2008/12/09 11:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/06 14:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions
[2010/07/20 12:10:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/29 10:20:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/20 12:10:46 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2007/04/21 21:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/05/18 12:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/10/06 14:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/08 11:26:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/18 10:31:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/23 15:33:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2010/04/08 11:26:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/08 11:26:18 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 17:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/04/08 11:26:19 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/02 13:08:30 | 000,144,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2007/03/02 13:08:34 | 000,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2007/03/02 13:08:28 | 000,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/25 17:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2008/12/09 11:46:19 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/12/09 11:46:19 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/03 12:41:24 | 000,002,265 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2008/12/09 11:46:19 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/12/09 11:46:19 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/12/09 11:46:19 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/12/09 11:46:19 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/12/09 11:46:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2008/12/09 11:46:19 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/01 17:21:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - No CLSID value found.
O2 - BHO: (Search Helper) - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [nerofiltercheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [{EAACC532-30C8-82F2-D22C-C84B3C4EB908}] C:\Documents and Settings\BERNIE\Application Data\Nopien\tasy.exe (Agnitum Ltd.)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\RunOnce: [FFTI] C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe ( )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-179605362-682003330-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} https://www.promapserver.co.uk/controls/latest/promap.cab (Promap Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\desktoplayer.exe) - c:\program files\microsoft\desktoplayer.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\BERNIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BERNIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/01 11:49:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3ff26fc2-4f16-11dc-ad6e-00012e100a95}\Shell\AutoRun\command - "" = TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O33 - MountPoints2\{3ff26fc2-4f16-11dc-ad6e-00012e100a95}\Shell\open\command - "" = TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 13:23:50 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BERNIE\Desktop\OTL.exe
[2010/10/10 11:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BERNIE\Application Data\AVG9
[2010/10/09 19:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\windows
[2010/10/09 19:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\tmp
[2010/10/09 19:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\system32
[2010/10/09 18:53:38 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/29 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BERNIE\Desktop\STUDY
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\BERNIE\My Documents\*.tmp files -> C:\Documents and Settings\BERNIE\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/10 14:11:21 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\RKUnhookerLE.EXE
[2010/10/10 13:46:22 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\dds.scr
[2010/10/10 13:30:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/10 13:29:14 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\BERNIE\NTUSER.DAT
[2010/10/10 13:29:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\BERNIE\ntuser.ini
[2010/10/10 13:23:58 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BERNIE\Desktop\OTL.exe
[2010/10/10 11:01:57 | 000,000,670 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/10 11:01:57 | 000,000,229 | RHS- | M] () -- C:\boot.ini
[2010/10/10 11:01:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/10 11:00:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/09 15:57:34 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/08 21:47:11 | 000,012,674 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/08 21:17:33 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\jg98hrmx.exe
[2010/10/08 09:23:07 | 065,743,803 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/07 15:30:13 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/07 14:50:34 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\I AM A CHAMPION.doc
[2010/10/06 14:42:17 | 000,046,803 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\bench 4.jpg
[2010/10/06 14:29:01 | 000,046,651 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\bench 3.jpg
[2010/10/06 14:26:27 | 000,048,273 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\bench 2.jpg
[2010/10/06 14:23:28 | 000,053,115 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\bench 1.jpg
[2010/10/06 13:06:56 | 003,767,828 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\I_will.mp3
[2010/10/06 07:14:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/04 12:58:14 | 000,008,224 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/09/28 21:00:43 | 001,821,544 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\muscular anatomy.jpg
[2010/09/28 20:43:37 | 000,004,592 | ---- | M] () -- C:\WINDOWS\DESGNJT2.INI
[2010/09/28 20:40:59 | 001,520,729 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Skeletal anatomy.jpg
[2010/09/28 18:35:40 | 000,683,134 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Gym Course Paperwork.zip
[2010/09/27 11:25:43 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Workout week 1-3.xls
[2010/09/27 11:24:17 | 000,009,775 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen lower body week 1-3.pdf
[2010/09/27 11:14:42 | 000,010,308 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Upper body week 1-3.pdf
[2010/09/27 11:12:05 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Copy of Itchen Legs week 1-3.xls
[2010/09/23 15:01:49 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Copy of coaching schedule-1.xls
[2010/09/21 00:30:00 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Abbey dispute loan.doc
[2010/09/20 00:52:53 | 000,009,380 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Legs week 1-3.pdf
[2010/09/19 23:57:50 | 000,056,680 | ---- | M] () -- C:\Documents and Settings\BERNIE\My Documents\Marketing Plan Expressions of Interest.pdf
[2010/09/19 23:31:42 | 000,071,725 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\24BW030910.pdf
[2010/09/17 12:04:25 | 000,269,365 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\img097.pdf
[2010/09/15 11:07:18 | 013,825,208 | ---- | M] () -- C:\Documents and Settings\BERNIE\My Documents\Produce_4.mp4
[2010/09/15 11:04:47 | 000,004,897 | ---- | M] () -- C:\Documents and Settings\BERNIE\My Documents\Produce_4.THM
[2010/09/15 10:42:03 | 061,229,348 | ---- | M] () -- C:\Documents and Settings\BERNIE\My Documents\Smithy-receives-coach-of-the-year-award[www.savevid.com].mp4
[2010/09/14 17:13:29 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\fitness test.xls
[2010/09/11 13:53:05 | 594,497,996 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\interval.avi
[2010/09/11 03:22:02 | 594,185,984 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\evolution.avi
[2010/09/10 18:17:07 | 603,461,472 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\CNS.avi
[2010/09/10 14:29:48 | 000,209,754 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Yell.jpg
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\BERNIE\My Documents\*.tmp files -> C:\Documents and Settings\BERNIE\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/10 14:11:17 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\RKUnhookerLE.EXE
[2010/10/10 13:46:11 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\dds.scr
[2010/10/08 21:17:30 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\jg98hrmx.exe
[2010/10/07 14:50:34 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\I AM A CHAMPION.doc
[2010/10/06 14:42:17 | 000,046,803 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\bench 4.jpg
[2010/10/06 14:29:01 | 000,046,651 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\bench 3.jpg
[2010/10/06 14:26:27 | 000,048,273 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\bench 2.jpg
[2010/10/06 14:23:28 | 000,053,115 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\bench 1.jpg
[2010/10/06 13:05:30 | 003,767,828 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\I_will.mp3
[2010/09/28 21:00:42 | 001,821,544 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\muscular anatomy.jpg
[2010/09/28 20:40:58 | 001,520,729 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Skeletal anatomy.jpg
[2010/09/28 18:35:39 | 000,683,134 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Gym Course Paperwork.zip
[2010/09/27 11:19:56 | 000,009,775 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen lower body week 1-3.pdf
[2010/09/27 11:14:42 | 000,010,308 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Upper body week 1-3.pdf
[2010/09/27 11:12:28 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Workout week 1-3.xls
[2010/09/23 13:34:08 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Copy of coaching schedule-1.xls
[2010/09/21 00:09:30 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Abbey dispute loan.doc
[2010/09/20 00:50:25 | 000,009,380 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Legs week 1-3.pdf
[2010/09/20 00:44:09 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Copy of Itchen Legs week 1-3.xls
[2010/09/19 23:57:50 | 000,056,680 | ---- | C] () -- C:\Documents and Settings\BERNIE\My Documents\Marketing Plan Expressions of Interest.pdf
[2010/09/19 23:31:31 | 000,071,725 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\24BW030910.pdf
[2010/09/17 12:04:25 | 000,269,365 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\img097.pdf
[2010/09/15 11:04:47 | 013,825,208 | ---- | C] () -- C:\Documents and Settings\BERNIE\My Documents\Produce_4.mp4
[2010/09/15 11:04:47 | 000,004,897 | ---- | C] () -- C:\Documents and Settings\BERNIE\My Documents\Produce_4.THM
[2010/09/15 10:27:34 | 061,229,348 | ---- | C] () -- C:\Documents and Settings\BERNIE\My Documents\Smithy-receives-coach-of-the-year-award[www.savevid.com].mp4
[2010/09/13 13:56:07 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\fitness test.xls
[2010/09/11 11:01:40 | 594,497,996 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\interval.avi
[2010/09/11 01:15:47 | 594,185,984 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\evolution.avi
[2010/09/10 16:29:43 | 603,461,472 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\CNS.avi
[2010/09/10 14:29:47 | 000,209,754 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Yell.jpg
[2010/07/20 11:46:58 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/16 12:48:59 | 040,235,328 | ---- | C] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\prvlcl.dat
[2009/08/24 12:19:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\25a3b05b.sys
[2009/07/27 15:23:53 | 000,000,099 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/07/09 10:10:21 | 000,004,592 | ---- | C] () -- C:\WINDOWS\DESGNJT2.INI
[2008/04/18 14:16:18 | 000,007,922 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/15 10:44:47 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/23 09:22:55 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/03/03 17:03:11 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/02/28 23:14:27 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/28 22:53:51 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/28 22:53:51 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/07 13:34:29 | 000,002,508 | -H-- | C] () -- C:\Documents and Settings\BERNIE\Application Data\$_hpcst$.hpc
[2006/06/21 20:15:25 | 000,000,474 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/05 19:35:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/05 15:13:30 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/05 11:58:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/06/05 11:44:35 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2006/06/05 11:22:08 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\fusioncache.dat
[2006/06/01 13:53:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/11 11:57:21 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/11 11:56:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2000/09/18 16:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll

========== LOP Check ==========

[2009/06/16 14:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/09 15:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/16 11:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/11/19 19:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2008/02/29 12:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/10/07 01:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nonmribk
[2008/02/29 13:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/03/26 14:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/03/26 16:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/11 15:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/13 14:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/02/28 22:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2008/02/15 17:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Autodesk
[2009/05/27 18:17:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\aAvgApi
[2006/06/07 11:19:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\Autodesk
[2010/10/10 11:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\AVG9
[2009/11/19 19:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Downloaded Installations
[2009/07/17 19:33:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\eBookPro6
[2010/10/08 21:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Ewysn
[2010/10/08 18:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Facebook
[2010/10/08 20:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\FileZilla
[2008/07/21 11:00:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\GrabIt
[2009/03/16 23:22:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\ImgBurn
[2010/10/02 00:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Nitro PDF
[2008/02/29 12:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Nokia
[2008/09/01 19:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Nopien
[2010/01/14 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\NSeries
[2010/10/08 18:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Odevk
[2010/01/14 12:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\PC Suite
[2010/10/10 10:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Qyna
[2007/06/23 09:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Samsung
[2008/04/24 14:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Thunderbird
[2010/10/10 11:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\uTorrent
[2009/12/07 11:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\VidaOne

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >

I have tried to open DDS to do a scan, but when I click run it just opens in Notepad with a load of script. In the desktop folder it says its file type is AutoCAD LT script.

Managed to scan with Malwarebytes' ... log below

Malwarebytes' Anti-Malware 1.40
Database version: 2687
Windows 5.1.2600 Service Pack 2 (Safe Mode)

10/10/2010 20:30:23
mbam-log-2010-10-10 (20-30-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 292294
Time elapsed: 1 hour(s), 1 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\system32 (Backdoor.Bifrost) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

AVG scan....

AVG 9.0 Anti-Virus command line scanner
Copyright © 1992 - 2010 AVG Technologies
Program version 9.0.832, engine 9.0.861
Virus Database: Version 271.1.1/3183 2010-10-07

C:\32788R22FWJFW\iexplore.exe Virus identified Win32/Zbot.A Object was moved to Virus Vault.
C:\32788R22FWJFW\License\iexplore.exe Virus identified Win32/Zbot.A Object was moved to Virus Vault.
C:\32788R22FWJFW\License\UnxUtilsDist.html Virus found VBS/Generic Object was moved to Virus Vault.
C:\32788R22FWJFW\pev.exe Virus identified Win32/Zbot.A Object was moved to Virus Vault.
C:\32788R22FWJFW\swreg.exe Virus identified Win32/Zbot.A Object was moved to Virus Vault.
C:\Documents and Settings\BERNIE\Desktop\General\progs\Sketch up\GoogleSketchUpProWEN.exe:\is202113.exe Trojan horse Vundo.O
C:\Documents and Settings\BERNIE\Desktop\General\progs\Sketch up\GoogleSketchUpProWEN.exe Trojan horse Vundo.O
C:\Documents and Settings\BERNIE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\BERNIE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\BERNIE\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\BERNIE\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 385945
Found infections : 7
Found PUPs : 0
Healed infections : 5
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

Merged 4 posts. ~ OB

Edited by Orange Blossom, 12 October 2010 - 11:27 PM.


#3 bgm_co

Posted 10 October 2010 - 06:36 PM

Right, I've managed to get ComboFix working... here is the log from when I ran ComboFix...


ComboFix 10-10-09.06 - BERNIE 11/10/2010 0:15.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1918.1649 [GMT 1:00]
Running from: c:\documents and settings\BERNIE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\BERNIE\Application Data\Nopien
c:\documents and settings\BERNIE\Application Data\Nopien\tasy.exe

c:\windows\system32\drivers\25a3b05b.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2010-09-10 to 2010-10-10 )))))))))))))))))))))))))))))))
.

2010-10-10 10:04 . 2010-10-10 10:04 -------- d-----w- c:\documents and settings\BERNIE\Application Data\AVG9
2010-10-09 18:10 . 2010-10-09 18:10 -------- d-----w- c:\program files\windows
2010-10-09 18:10 . 2010-10-09 18:10 -------- d-----w- c:\program files\tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll

[-] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\iexplore.exe
[-] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-01_16.22.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 02:19 . 2007-11-07 02:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2005-05-13 11:18 . 2005-05-13 11:18 14848 c:\windows\twain_32\LogiVid\LQCT32_2.dll
+ 2010-07-20 10:47 . 2005-05-27 09:03 49152 c:\windows\twain_32\LogiVid\InstVid.exe
+ 2010-07-20 11:05 . 2004-08-03 23:56 53760 c:\windows\system32\vfwwdm32.dll
+ 2010-07-28 11:26 . 2010-04-16 07:33 41472 c:\windows\system32\ReinstallBackups\0001\DriverFiles\usbaapl.sys
- 2006-05-11 10:42 . 2009-11-07 10:19 69946 c:\windows\system32\perfc009.dat
+ 2006-05-11 10:42 . 2010-04-10 17:14 69946 c:\windows\system32\perfc009.dat
+ 2004-08-04 00:56 . 2004-08-03 23:56 17408 c:\windows\system32\msyuv.dll
- 2004-08-04 00:56 . 2004-08-04 12:00 17408 c:\windows\system32\msyuv.dll
+ 2010-01-14 15:11 . 2010-08-15 14:47 48972 c:\windows\system32\mlfcache.dat
+ 2003-03-18 19:44 . 2003-03-18 20:44 49152 c:\windows\system32\MFC71KOR.DLL
- 2003-03-18 19:44 . 2003-03-18 19:44 49152 c:\windows\system32\MFC71KOR.DLL
+ 2003-03-18 19:44 . 2003-03-18 20:44 49152 c:\windows\system32\MFC71JPN.DLL
- 2003-03-18 19:44 . 2003-03-18 19:44 49152 c:\windows\system32\MFC71JPN.DLL
+ 2003-03-18 19:44 . 2003-03-18 20:44 61440 c:\windows\system32\MFC71ITA.DLL
- 2003-03-18 19:44 . 2003-03-18 19:44 61440 c:\windows\system32\MFC71ITA.DLL
- 2003-03-18 19:44 . 2003-03-18 19:44 61440 c:\windows\system32\MFC71ESP.DLL
+ 2003-03-18 19:44 . 2003-03-18 20:44 61440 c:\windows\system32\MFC71ESP.DLL
- 2003-03-18 21:44 . 2003-03-18 21:44 57344 c:\windows\system32\MFC71ENU.DLL
+ 2003-03-18 21:44 . 2003-03-18 20:44 57344 c:\windows\system32\MFC71ENU.DLL
+ 2003-03-18 19:44 . 2003-03-18 20:44 65536 c:\windows\system32\MFC71DEU.DLL
- 2003-03-18 19:44 . 2003-03-18 19:44 65536 c:\windows\system32\MFC71DEU.DLL
- 2003-03-18 19:44 . 2003-03-18 19:44 45056 c:\windows\system32\MFC71CHT.DLL
+ 2003-03-18 19:44 . 2003-03-18 20:44 45056 c:\windows\system32\MFC71CHT.DLL
- 2003-03-18 19:44 . 2003-03-18 19:44 40960 c:\windows\system32\MFC71CHS.DLL
+ 2003-03-18 19:44 . 2003-03-18 20:44 40960 c:\windows\system32\MFC71CHS.DLL
+ 2005-07-19 16:32 . 2005-07-19 16:32 77824 c:\windows\system32\LVCOMCX.dll
+ 2010-07-20 10:46 . 2005-06-08 13:38 90112 c:\windows\system32\LQCUI2.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 78336 c:\windows\system32\lffax12n.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 30720 c:\windows\system32\lfbmp12n.dll
- 2004-08-04 00:56 . 2004-08-04 12:00 47616 c:\windows\system32\iyuv_32.dll
+ 2004-08-04 00:56 . 2004-08-03 23:56 47616 c:\windows\system32\iyuv_32.dll
+ 2010-07-20 10:47 . 2005-07-19 16:31 53248 c:\windows\system32\InstMed.exe
+ 2010-07-28 11:26 . 2010-04-19 19:47 41984 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaapl.sys
+ 2010-07-28 11:26 . 2010-04-19 19:29 18432 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\netaapl.sys
+ 2006-06-05 11:17 . 2004-08-03 22:08 26496 c:\windows\system32\drivers\USBSTOR.SYS
- 2006-06-05 11:17 . 2004-08-03 23:08 26496 c:\windows\system32\drivers\USBSTOR.SYS
+ 2010-01-13 13:36 . 2010-04-19 19:47 41984 c:\windows\system32\drivers\usbaapl.sys
+ 2004-08-03 23:08 . 2004-08-03 22:08 48640 c:\windows\system32\drivers\stream.sys
- 2004-08-03 23:08 . 2004-08-03 23:08 48640 c:\windows\system32\drivers\stream.sys
+ 2010-07-20 21:51 . 2004-08-03 22:10 11136 c:\windows\system32\drivers\SLIP.sys
+ 2010-07-20 10:46 . 2005-05-27 08:31 22016 c:\windows\system32\drivers\LVUSBSta.sys
+ 2008-05-10 21:42 . 2005-03-08 11:43 21744 c:\windows\system32\drivers\HPZius12.sys
+ 2008-05-10 21:42 . 2005-03-08 11:43 16496 c:\windows\system32\drivers\HPZipr12.sys
+ 2008-05-10 21:42 . 2005-03-08 11:43 51120 c:\windows\system32\drivers\hpzid412.sys
+ 2007-12-07 18:07 . 2010-07-12 12:44 29584 c:\windows\system32\drivers\avgmfx86.sys
+ 2010-05-18 15:35 . 2010-05-18 15:35 91424 c:\windows\system32\dnssd.dll
+ 2010-07-21 07:30 . 2010-07-21 07:30 12536 c:\windows\system32\avgrsstx.dll
+ 2010-03-26 13:22 . 2010-03-26 13:22 70668 c:\windows\Installer\{D36DD326-7280-11D8-97C8-000129760CBE}\ARPPRODUCTICON.exe
+ 2010-03-26 13:19 . 2010-03-26 13:19 86641 c:\windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ARPPRODUCTICON.exe
+ 2010-07-28 11:28 . 2010-07-28 11:28 27136 c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
+ 2005-05-13 11:47 . 2005-05-13 11:47 6656 c:\windows\twain_32\LogiVid\HVidSp2.dll
+ 2001-08-17 22:36 . 2001-08-17 21:36 8192 c:\windows\system32\tsbyuv.dll
- 2001-08-17 22:36 . 2004-08-04 12:00 8192 c:\windows\system32\tsbyuv.dll
- 2006-06-01 11:46 . 2004-08-04 00:56 4096 c:\windows\system32\ksuser.dll
+ 2006-06-01 11:46 . 2004-08-03 23:56 4096 c:\windows\system32\ksuser.dll
- 2009-12-07 11:25 . 2010-01-29 15:46 8224 c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2009-12-07 11:25 . 2010-10-04 11:58 8224 c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2008-07-29 08:05 . 2008-07-29 08:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 03:54 . 2008-07-29 03:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2010-07-20 10:46 . 2005-05-27 08:29 159744 c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2005-05-13 11:46 . 2005-05-13 11:46 221184 c:\windows\twain_32\LogiVid\PCSmart2.dll
+ 2003-02-21 04:42 . 2003-02-21 04:42 348160 c:\windows\twain_32\LogiVid\msvcr71.dll
+ 2003-03-18 20:14 . 2003-03-18 20:14 499712 c:\windows\twain_32\LogiVid\msvcp71.dll
+ 2005-05-13 11:47 . 2005-05-13 11:47 696320 c:\windows\twain_32\LogiVid\LHPorta2.dll
+ 2005-05-13 11:47 . 2005-05-13 11:47 212992 c:\windows\twain_32\LogiVid\HVideoS2.exe
+ 2005-05-13 11:47 . 2005-05-13 11:47 315392 c:\windows\twain_32\LogiVid\HPortal2.dll
+ 2004-01-30 15:07 . 2004-01-30 15:07 245408 c:\windows\system32\unicows.dll
+ 2010-07-20 10:46 . 2005-06-08 13:41 466944 c:\windows\system32\QCUI2.dll
- 2006-05-11 10:42 . 2009-11-07 10:19 436258 c:\windows\system32\perfh009.dat
+ 2006-05-11 10:42 . 2010-04-10 17:14 436258 c:\windows\system32\perfh009.dat
- 2004-08-04 00:56 . 2004-08-04 12:00 294912 c:\windows\system32\msh263.drv
+ 2004-08-04 00:56 . 2004-08-03 23:56 294912 c:\windows\system32\msh263.drv
- 2006-05-11 10:46 . 2004-08-04 12:00 924432 c:\windows\system32\mfc40.dll
+ 2006-05-11 10:46 . 2001-08-23 04:00 924432 c:\windows\system32\mfc40.dll
+ 2010-07-20 11:08 . 2010-07-20 11:08 231888 c:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe
+ 2010-07-20 10:46 . 2005-05-27 08:36 372736 c:\windows\system32\LVUI2RC.dll
+ 2010-07-20 10:46 . 2005-05-27 08:29 204800 c:\windows\system32\LVUI2.dll
+ 2005-07-19 16:32 . 2005-07-19 16:32 258048 c:\windows\system32\LVMAENUM.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 215552 c:\windows\system32\Lvkrn12n.dll
+ 2005-07-19 16:32 . 2005-07-19 16:32 221184 c:\windows\system32\LVCOMSX.EXE
+ 2010-07-20 10:46 . 2004-02-14 10:53 110592 c:\windows\system32\lvcoinst.dll
+ 2010-07-20 10:46 . 2005-05-27 08:26 204800 c:\windows\system32\LVCodec2.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 856064 c:\windows\system32\Ltwvc12n.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 406016 c:\windows\system32\ltkrn12n.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 164864 c:\windows\system32\ltimg12n.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 131072 c:\windows\system32\ltfil12n.DLL
+ 2010-07-20 10:46 . 2005-06-08 13:31 207872 c:\windows\system32\ltefx12n.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 259072 c:\windows\system32\LTDIS12n.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 141312 c:\windows\system32\lftif12n.dll
+ 2010-07-20 10:46 . 2005-06-08 13:31 328704 c:\windows\system32\LFCMP12n.DLL
+ 2010-07-20 10:46 . 2005-06-08 14:12 462848 c:\windows\system32\LCamCpl.dll
+ 2008-05-10 21:42 . 2005-03-08 11:39 274432 c:\windows\system32\HPZc3212.dll
+ 2006-06-01 11:44 . 2010-04-10 17:09 231984 c:\windows\system32\FNTCACHE.DAT
+ 2010-07-20 10:46 . 2004-02-14 10:55 471712 c:\windows\system32\drivers\lvcd.sys
+ 2004-08-03 23:15 . 2004-08-03 22:15 140928 c:\windows\system32\drivers\ks.sys
- 2004-08-03 23:15 . 2004-08-03 23:15 140928 c:\windows\system32\drivers\ks.sys
+ 2009-11-03 11:39 . 2010-07-21 07:30 243024 c:\windows\system32\drivers\avgtdix.sys
+ 2009-01-16 10:46 . 2010-07-21 07:29 216400 c:\windows\system32\drivers\avgldx86.sys
+ 2010-05-18 15:35 . 2010-05-18 15:35 107808 c:\windows\system32\dns-sd.exe
+ 2010-07-20 10:47 . 2003-05-02 13:14 466944 c:\windows\system32\capicom.dll
+ 2010-08-05 18:43 . 2010-08-05 18:43 210944 c:\windows\Installer\2a8de48a.msi
+ 2010-08-05 18:43 . 2010-08-05 18:43 426496 c:\windows\Installer\2a8de485.msi
+ 2010-08-05 18:43 . 2010-08-05 18:43 134144 c:\windows\Installer\2a8de480.msi
+ 2010-08-05 17:53 . 2010-08-05 17:53 807936 c:\windows\Installer\2a5f4b66.msi
+ 2010-03-26 13:22 . 2010-03-26 13:22 228352 c:\windows\Installer\156125d3.msi
+ 2010-03-26 13:20 . 2010-03-26 13:20 884224 c:\windows\Installer\156125c7.msi
+ 2010-08-05 17:55 . 2010-08-05 17:55 897024 c:\windows\Installer\{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}\SafariIco.exe
+ 2010-07-28 11:48 . 2010-07-28 11:48 372736 c:\windows\Installer\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}\iTunesIco.exe
+ 2008-05-09 13:34 . 2010-08-05 18:43 102032 c:\windows\hpoins04.dat
+ 2005-09-23 13:48 . 2005-09-23 13:48 356352 c:\windows\eSellerateEngine.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-01-13 13:36 . 2010-04-19 19:47 3062048 c:\windows\system32\usbaaplrc.dll
+ 2010-07-28 11:26 . 2010-04-16 07:33 3003680 c:\windows\system32\ReinstallBackups\0001\DriverFiles\usbaaplrc.dll
+ 2009-02-03 02:15 . 2010-07-20 11:08 5612496 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-07-28 11:26 . 2010-04-19 19:47 3062048 c:\windows\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\usbaaplrc.dll
+ 2010-07-28 11:26 . 2010-04-19 19:29 1461992 c:\windows\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\wdfcoinstaller01009.dll
+ 2010-08-05 17:55 . 2010-08-05 17:55 3140608 c:\windows\Installer\2a5f4b6d.msi
+ 2010-07-28 11:48 . 2010-07-28 11:48 5731328 c:\windows\Installer\24dd1bf9.msi
+ 2010-07-28 11:38 . 2010-07-28 11:38 9472000 c:\windows\Installer\24dd13ff.msi
+ 2010-07-28 11:28 . 2010-07-28 11:28 1554944 c:\windows\Installer\24dd114d.msi
+ 2010-07-28 11:26 . 2010-07-28 11:26 3089408 c:\windows\Installer\24dd10ef.msi
+ 2010-07-28 11:24 . 2010-07-28 11:24 1984000 c:\windows\Installer\24dd10b2.msi
+ 2010-08-04 07:10 . 2010-08-04 07:10 1687040 c:\windows\Installer\22ec70de.msi
+ 2010-03-26 15:33 . 2010-03-26 15:33 5483520 c:\windows\Installer\15dd0df5.msi
+ 2010-03-26 13:22 . 2010-03-26 13:22 2402304 c:\windows\Installer\156125d7.msi
+ 2010-03-26 13:19 . 2010-03-26 13:19 6172160 c:\windows\Installer\156125be.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-19 289584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-02-22 3537968]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="c:\documents and settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-30 2526784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-02 185784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-05-04 577536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-03-14 24104]
"nerofiltercheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-6-28 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-21 07:30 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\BERNIE\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11632:TCP"= 11632:TCP:BitComet 11632 TCP
"11632:UDP"= 11632:UDP:BitComet 11632 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [11/05/2006 17:05 102528]
R0 si3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\si3112r.sys [11/05/2006 11:58 97920]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [11/05/2006 11:58 10240]
R1 avgtdix;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/11/2009 12:39 243024]
S1 25a3b05b;25a3b05b;c:\windows\system32\drivers\25a3b05b.sys [24/08/2009 12:19 0]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/01/2009 11:46 216400]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [21/07/2010 08:30 308136]
S2 ijst;ijst;c:\windows\system32\drivers\oqmsd.sys --> c:\windows\system32\drivers\oqmsd.sys [?]
S2 nitrodriverreadspool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15/09/2009 11:20 188736]
S3 Normandy;Normandy SR2; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://publicaccess.testvalley.gov.uk/publicaccess/tdc/DcApplication/application_searchform.aspx
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps://www.promapserver.co.uk/controls/latest/promap.cab
FF - ProfilePath - c:\documents and settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.zurich.co.uk/buildingguarantee/index.html
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{EAACC532-30C8-82F2-D22C-C84B3C4EB908} - c:\documents and settings\BERNIE\Application Data\Nopien\tasy.exe
AddRemove-InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} - c:\progra~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635} - c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
AddRemove-InstallShield_{D1B11537-EA51-4DD8-BF1E-098BEE48868D} - c:\program files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe
AddRemove-Magic ISO Maker v5.3 (build 0221) - c:\progra~1\MagicISO\UNWISE.EXE
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
AddRemove-OpenAL - c:\program files\OpenAL\oalinst.exe
AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{AC1314E7-D28C-40A1-B322-80D2868D35CE} - c:\program files\HP\Digital Imaging\{AC1314E7-D28C-40A1-B322-80D2868D35CE}\setup\hpzscr01.exe



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll si3112r.sys >>UNKNOWN [0x89AF48C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764bfc3
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74c67b4
\Driver\iaStor -> iaStor.sys @ 0xf7b1dade
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2
ParseProcedure -> ntoskrnl.exe @ 0x8057c745
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xbaf32bc3
PacketIndicateHandler -> NDIS.sys @ 0xbaf3eb21
SendHandler -> NDIS.sys @ 0xbaf32d33
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(336)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-11 00:33:13
ComboFix-quarantined-files.txt 2010-10-10 23:33

Pre-Run: 190,821,117,952 bytes free
Post-Run: 191,439,380,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /safeboot:network

- - End Of File - - F64333030BB09305699E6581B4E67E5D


#4 bgm_co

Posted 11 October 2010 - 01:36 AM

OTL log after running combofix

OTL logfile created on: 11/10/2010 07:27:28 - Run 5
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\BERNIE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 178.32 Gb Free Space | 38.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DESIGNWORK
Current User Name: BERNIE
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BERNIE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\BERNIE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nitrodriverreadspool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (seaport) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (ijst) -- C:\WINDOWS\System32\drivers\oqmsd.sys File not found
DRV - (catchme) -- C:\DOCUME~1\BERNIE\LOCALS~1\Temp\catchme.sys File not found
DRV - (avgtdix) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (25a3b05b) -- C:\WINDOWS\System32\drivers\25a3b05b.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (m5288) -- C:\WINDOWS\system32\drivers\m5288.sys (ULi Electronics Inc.)
DRV - (si3112r) -- C:\WINDOWS\system32\drivers\si3112r.sys (Silicon Image, Inc.)
DRV - (SiWinAcc) -- C:\WINDOWS\system32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\WINDOWS\system32\drivers\lvcd.sys (Logitech Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://publicaccess.testvalley.gov.uk/publ...searchform.aspx
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-179605362-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.zurich.co.uk/buildingguarantee/index.html"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/10/02 21:34:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/16 23:50:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/08 03:01:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/15 10:01:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/09 17:57:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/28 12:38:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.12\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/09 17:57:38 | 000,000,000 | ---D | M]

[2008/12/09 11:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Extensions
[2008/12/09 11:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/06 14:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions
[2010/07/20 12:10:46 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/29 10:20:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/20 12:10:46 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2007/04/21 21:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/05/18 12:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/10/06 14:45:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/08 11:26:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/18 10:31:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/23 15:33:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2010/04/08 11:26:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/08 11:26:18 | 000,134,616 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 17:41:24 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/04/08 11:26:19 | 000,065,496 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/02 13:08:30 | 000,144,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2007/03/02 13:08:34 | 000,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2007/03/02 13:08:28 | 000,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/25 17:41:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2008/12/09 11:46:19 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/12/09 11:46:19 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/03 12:41:24 | 000,002,265 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2008/12/09 11:46:19 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/12/09 11:46:19 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/12/09 11:46:19 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/12/09 11:46:19 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/12/09 11:46:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2008/12/09 11:46:19 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/11 00:27:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - No CLSID value found.
O2 - BHO: (Search Helper) - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKU\S-1-5-21-861567501-179605362-682003330-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [nerofiltercheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-861567501-179605362-682003330-1005..\RunOnce: [FFTI] C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe ( )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-179605362-682003330-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-861567501-179605362-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} https://www.promapserver.co.uk/controls/latest/promap.cab (Promap Control)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\BERNIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BERNIE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/01 11:49:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/11 00:33:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/11 00:04:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/10 13:23:50 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BERNIE\Desktop\OTL.exe
[2010/10/10 11:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BERNIE\Application Data\AVG9
[2010/10/09 19:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\windows
[2010/10/09 19:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\tmp
[2010/09/29 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BERNIE\Desktop\STUDY
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\BERNIE\My Documents\*.tmp files -> C:\Documents and Settings\BERNIE\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/11 07:24:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/11 00:37:54 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\BERNIE\NTUSER.DAT
[2010/10/11 00:37:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\BERNIE\ntuser.ini
[2010/10/11 00:28:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/11 00:27:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/11 00:04:14 | 000,000,345 | RHS- | M] () -- C:\boot.ini
[2010/10/10 23:21:24 | 003,876,688 | R--- | M] () -- C:\Documents and Settings\BERNIE\Desktop\ComboFix.exe
[2010/10/10 14:11:21 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\RKUnhookerLE.EXE
[2010/10/10 13:46:22 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\dds.scr
[2010/10/10 13:23:58 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BERNIE\Desktop\OTL.exe
[2010/10/10 11:01:57 | 000,000,670 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/10 11:01:57 | 000,000,229 | ---- | M] () -- C:\Boot.bak
[2010/10/10 11:00:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/09 15:57:34 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/08 21:47:11 | 000,012,674 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/08 21:17:33 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\jg98hrmx.exe
[2010/10/08 09:23:07 | 065,743,803 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/07 15:30:13 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/07 14:50:34 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\I AM A CHAMPION.doc
[2010/10/06 14:42:17 | 000,046,803 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\bench 4.jpg
[2010/10/06 14:29:01 | 000,046,651 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\bench 3.jpg
[2010/10/06 14:26:27 | 000,048,273 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\bench 2.jpg
[2010/10/06 14:23:28 | 000,053,115 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\bench 1.jpg
[2010/10/06 13:06:56 | 003,767,828 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\I_will.mp3
[2010/10/06 07:14:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/04 12:58:14 | 000,008,224 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/09/28 21:00:43 | 001,821,544 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\muscular anatomy.jpg
[2010/09/28 20:43:37 | 000,004,592 | ---- | M] () -- C:\WINDOWS\DESGNJT2.INI
[2010/09/28 20:40:59 | 001,520,729 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Skeletal anatomy.jpg
[2010/09/28 18:35:40 | 000,683,134 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Gym Course Paperwork.zip
[2010/09/27 11:25:43 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Workout week 1-3.xls
[2010/09/27 11:24:17 | 000,009,775 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen lower body week 1-3.pdf
[2010/09/27 11:14:42 | 000,010,308 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Upper body week 1-3.pdf
[2010/09/27 11:12:05 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Copy of Itchen Legs week 1-3.xls
[2010/09/23 15:01:49 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Copy of coaching schedule-1.xls
[2010/09/21 00:30:00 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Abbey dispute loan.doc
[2010/09/20 00:52:53 | 000,009,380 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Legs week 1-3.pdf
[2010/09/19 23:57:50 | 000,056,680 | ---- | M] () -- C:\Documents and Settings\BERNIE\My Documents\Marketing Plan Expressions of Interest.pdf
[2010/09/19 23:31:42 | 000,071,725 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\24BW030910.pdf
[2010/09/17 12:04:25 | 000,269,365 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\img097.pdf
[2010/09/15 11:07:18 | 013,825,208 | ---- | M] () -- C:\Documents and Settings\BERNIE\My Documents\Produce_4.mp4
[2010/09/15 11:04:47 | 000,004,897 | ---- | M] () -- C:\Documents and Settings\BERNIE\My Documents\Produce_4.THM
[2010/09/15 10:42:03 | 061,229,348 | ---- | M] () -- C:\Documents and Settings\BERNIE\My Documents\Smithy-receives-coach-of-the-year-award[www.savevid.com].mp4
[2010/09/14 17:13:29 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\fitness test.xls
[2010/09/11 13:53:05 | 594,497,996 | ---- | M] () -- C:\Documents and Settings\BERNIE\Desktop\interval.avi
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\Documents and Settings\BERNIE\My Documents\*.tmp files -> C:\Documents and Settings\BERNIE\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/10 14:11:17 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\RKUnhookerLE.EXE
[2010/10/10 13:46:11 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\dds.scr
[2010/10/08 21:17:30 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\jg98hrmx.exe
[2010/10/07 14:50:34 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\I AM A CHAMPION.doc
[2010/10/06 14:42:17 | 000,046,803 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\bench 4.jpg
[2010/10/06 14:29:01 | 000,046,651 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\bench 3.jpg
[2010/10/06 14:26:27 | 000,048,273 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\bench 2.jpg
[2010/10/06 14:23:28 | 000,053,115 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\bench 1.jpg
[2010/10/06 13:05:30 | 003,767,828 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\I_will.mp3
[2010/09/28 21:00:42 | 001,821,544 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\muscular anatomy.jpg
[2010/09/28 20:40:58 | 001,520,729 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Skeletal anatomy.jpg
[2010/09/28 18:35:39 | 000,683,134 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Gym Course Paperwork.zip
[2010/09/27 11:19:56 | 000,009,775 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen lower body week 1-3.pdf
[2010/09/27 11:14:42 | 000,010,308 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Upper body week 1-3.pdf
[2010/09/27 11:12:28 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Workout week 1-3.xls
[2010/09/23 13:34:08 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Copy of coaching schedule-1.xls
[2010/09/21 00:09:30 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Abbey dispute loan.doc
[2010/09/20 00:50:25 | 000,009,380 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Itchen Legs week 1-3.pdf
[2010/09/20 00:44:09 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\Copy of Itchen Legs week 1-3.xls
[2010/09/19 23:57:50 | 000,056,680 | ---- | C] () -- C:\Documents and Settings\BERNIE\My Documents\Marketing Plan Expressions of Interest.pdf
[2010/09/19 23:31:31 | 000,071,725 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\24BW030910.pdf
[2010/09/17 12:04:25 | 000,269,365 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\img097.pdf
[2010/09/15 11:04:47 | 013,825,208 | ---- | C] () -- C:\Documents and Settings\BERNIE\My Documents\Produce_4.mp4
[2010/09/15 11:04:47 | 000,004,897 | ---- | C] () -- C:\Documents and Settings\BERNIE\My Documents\Produce_4.THM
[2010/09/15 10:27:34 | 061,229,348 | ---- | C] () -- C:\Documents and Settings\BERNIE\My Documents\Smithy-receives-coach-of-the-year-award[www.savevid.com].mp4
[2010/09/13 13:56:07 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\fitness test.xls
[2010/09/11 11:01:40 | 594,497,996 | ---- | C] () -- C:\Documents and Settings\BERNIE\Desktop\interval.avi
[2010/07/20 11:46:58 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/16 12:48:59 | 040,235,328 | ---- | C] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\prvlcl.dat
[2009/08/24 12:19:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\25a3b05b.sys
[2009/07/27 15:23:53 | 000,000,099 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2008/07/09 10:10:21 | 000,004,592 | ---- | C] () -- C:\WINDOWS\DESGNJT2.INI
[2008/04/18 14:16:18 | 000,007,922 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/15 10:44:47 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/23 09:22:55 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/03/03 17:03:11 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/02/28 23:14:27 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/28 22:53:51 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/28 22:53:51 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/07 13:34:29 | 000,002,508 | -H-- | C] () -- C:\Documents and Settings\BERNIE\Application Data\$_hpcst$.hpc
[2006/06/21 20:15:25 | 000,000,474 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/05 19:35:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/05 15:13:30 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/05 11:58:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/06/05 11:44:35 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2006/06/05 11:22:08 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\BERNIE\Local Settings\Application Data\fusioncache.dat
[2006/06/01 13:53:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/11 11:57:21 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/11 11:56:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2000/09/18 16:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll

========== LOP Check ==========

[2009/06/16 14:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/09 15:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/16 11:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/11/19 19:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2008/02/29 12:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2008/10/07 01:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nonmribk
[2008/02/29 13:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/03/26 14:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/03/26 16:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/11 15:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/13 14:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2007/02/28 22:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2008/02/15 17:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andy\Application Data\Autodesk
[2009/05/27 18:17:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\aAvgApi
[2006/06/07 11:19:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\Autodesk
[2010/10/10 11:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\AVG9
[2009/11/19 19:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Downloaded Installations
[2009/07/17 19:33:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\eBookPro6
[2010/10/08 21:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Ewysn
[2010/10/08 18:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Facebook
[2010/10/08 20:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\FileZilla
[2008/07/21 11:00:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\GrabIt
[2009/03/16 23:22:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\BERNIE\Application Data\ImgBurn
[2010/10/02 00:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Nitro PDF
[2008/02/29 12:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Nokia
[2010/01/14 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\NSeries
[2010/10/08 18:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Odevk
[2010/01/14 12:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\PC Suite
[2010/10/10 10:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Qyna
[2007/06/23 09:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Samsung
[2008/04/24 14:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\Thunderbird
[2010/10/10 11:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\uTorrent
[2009/12/07 11:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BERNIE\Application Data\VidaOne

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:02:45, on 11/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://publicaccess.testvalley.gov.uk/publ...searchform.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
O2 - BHO: Search Helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [nerofiltercheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\BERNIE\Application Data\Mozilla\Firefox\Profiles/a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} (Promap Control) - https://www.promapserver.co.uk/controls/latest/promap.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (nitrodriverreadspool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)

--
End of file - 12395 bytes

EDIT: Please be patient. There are over 360 unanswered topics in this forum at present and the current average wait time to receive help is about a week. ~BP

Merged 2 posts. Also deleted 3-4 bumping posts that added no content. ~ OB

Edited by Orange Blossom, 12 October 2010 - 11:30 PM.


#5 myrti


  • Malware Study Hall Admin

Posted 17 October 2010 - 05:02 AM

I'm afraid I have very bad news.

Win32/Ramnit.A is a file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of infection can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are a major source of system infection.

In my opinion, Ramnit.A is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
QUOTE
Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system
Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.
QUOTE
The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#6 bgm_co


Posted 18 October 2010 - 03:49 AM

So basically wipe it clean and start again?

What is the best way to save my work from it? Are there certain files that will not be infected? Sorry if these are silly questions!

#7 myrti


Posted 18 October 2010 - 04:25 AM

Hi,

yes, my suggestion would definitely be a wipe and reinstall.

You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, and .html) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension to the existing extension of file(s), so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If you're not sure how to reformat or need help with reformatting, please review: These links include step-by-step instructions with screenshots: Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.
Also see How to keep your Windows XP activation after clean install.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows pre-installed. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media.

If you need additional assistance with reformatting or have questions about multiple hard drives, you can start a new topic in the Windows XP Home and Professional forum. If you don't get a reply, please send me a PM and I will get someone to take a look.

regards myrti

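As an added example (not part of myrti's post and not a BleepingComputer tool): a Python pre-backup audit that flags the file types the post above says to leave out, including double extensions and .zip archives with executables inside. The function names and the DOC_LIKE list are assumptions made for the illustration, and the sample folder is constructed.

```python
import os, tempfile, zipfile
from pathlib import Path

# Types the post says to leave out (.htm/.dll come from the Ramnit description).
RISKY = {".exe", ".scr", ".dll", ".ini", ".php", ".asp", ".html", ".htm"}
ARCHIVES = {".zip", ".cab", ".rar"}
DOC_LIKE = {".doc", ".xls", ".pdf", ".jpg", ".png", ".txt", ".mp3"}  # assumed list

def classify(path):
    """Return a reason string if the file should stay out of the backup, else None."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    last = suffixes[-1] if suffixes else ""
    if last in RISKY:
        # e.g. holiday.jpg.exe: a document-looking name hiding an executable
        if len(suffixes) > 1 and suffixes[-2] in DOC_LIKE:
            return "double extension hiding " + last
        return "risky type " + last
    if last == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                inner = [n for n in zf.namelist() if Path(n).suffix.lower() in RISKY]
        except (zipfile.BadZipFile, OSError):
            return "unreadable archive"
        return "archive contains " + inner[0] if inner else None
    if last in ARCHIVES:
        return "archive needs manual check"  # .cab/.rar: no stdlib reader
    return None

def audit_backup(root):
    """Walk root and return {relative path: reason} for every flagged file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                flagged[os.path.relpath(full, root).replace(os.sep, "/")] = reason
    return flagged

def demo():
    """Build a constructed sample folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.doc", "holiday.jpg.exe", "setup.exe", "index.html"):
            Path(root, name).write_bytes(b"constructed sample")
        with zipfile.ZipFile(Path(root, "tools.zip"), "w") as zf:
            zf.writestr("bin/run.exe", b"constructed sample")
        with zipfile.ZipFile(Path(root, "photos.zip"), "w") as zf:
            zf.writestr("a.jpg", b"constructed sample")
        return audit_backup(root)
```

The check works on names only, so it complements rather than replaces the anti-virus scan of the backed up data that the post recommends after reformatting.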


#8 myrti


Posted 27 October 2010 - 06:33 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





