Vundo LP,Diversion of Searches


  • This topic is locked
84 replies to this topic

#1 Masochist1

Masochist1

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 12 October 2010 - 06:47 PM

Boopme

GMER will not run

Here is the DDS log. Hope this is what you wanted and is in the right place


DDS (Ver_10-10-10.03) - NTFSx86
Run by David1 at 23:27:28.98 on 10/10/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.307 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
svchost.exe
C:Program FilesAVGAVG9avgchsvx.exe
C:Program FilesAVGAVG9avgrsx.exe
svchost.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:Program FilesAd-Aware 2007aawservice.exe
C:WINDOWSsystem32spoolsv.exe
svchost.exe
C:Program FilesAVGAVG9avgwdsvc.exe
C:Program FilesWinampwinampa.exe
C:WINDOWSstsystra.exe
C:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
C:WINDOWSSystem32spoolDRIVERSW32X863fpdisp5a.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:PROGRA~1AVGAVG9avgtray.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesAVGAVG9avgnsx.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:Program FilesBrotherBrmfcmonBrMfcWnd.exe
C:Program FilesBrotherControlCenter3brccMCtl.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesIE New Window Maximizeriemaximizer.exe
C:Program FilesEscapeCloseEscapeClose.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesBrotherBrmfcmonBrMfcmon.exe
C:PROGRA~1AshampooASHAMP~2PopUpKiller.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Documents and SettingsDavid1Local SettingsApplication DataGoogleUpdate1.2.183.29GoogleCrashHandler.exe
C:Program Files1-Click Answersanswers.exe
C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe
C:Program FilesLogitechSetPointSetPoint.exe
C:PROGRA~11-CLIC~1agtserv.exe
C:Program FilesQClipqclip.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:WINDOWSexplorer.exe
C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsDavid1Desktopdds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.co.uk/
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg9toolbarIEToolbar.dll
uURLSearchHooks: MapNeto 1 Toolbar: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - c:program filesmapneto_1tbMapN.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:program fileswinamp toolbarwinamptb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg9toolbarIEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpnyt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: {0bd6f992-62ad-47f7-aca6-299729be4e2b} - No File
BHO: MapNeto 1 Toolbar: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - c:program filesmapneto_1tbMapN.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:program fileswinamp toolbarwinamptb.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:program filesconduitengineConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg9avgssie.dll
BHO: IE PopUp-Killer: {49e0e0f0-5c30-11d4-945d-000000000003} - c:progra~1ashampooashamp~2PopUp.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:progra~1spybot~1SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:windowssystem32dlatfswshx.dll
BHO: {6341761b-babe-406d-b0d6-8d99b81c2ee5} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:program filessiber systemsai roboformroboform.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg9toolbarIEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.6.5612.1312swg.dll
BHO: {C26CD490-5F01-41E3-B150-EB29F19DA056} - No File
BHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:program filesspoofstickspoofstickSpoofStickBHO.dll
BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:program filesask.comGenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:program filesyahoo!companioninstallscpnYTSingleInstance.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:program filessiber systemsai roboformroboform.dll
TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:program filesspoofstickspoofstickSpoofStick.dll
TB: {17505f05-6a31-4e4c-a63c-4cd87dd35f21} - No File
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:program fileswinamp toolbarwinamptb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:program filesavgavg9toolbarIEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpnyt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
TB: MapNeto 1 Toolbar: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - c:program filesmapneto_1tbMapN.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:program filesconduitengineConduitEngine.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:program filesask.comGenericAskToolbar.dll
TB: {7754C418-F62E-44AA-B169-E719E718BCFD} - No File
TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [UninstallAbility] "c:program filesuninstallabilityuability.exe" /AUTO
uRun: [SpybotSD TeaTimer] c:program filesspybot - search & destroyTeaTimer.exe
uRun: [IE New Window Maximizer] c:program filesie new window maximizeriemaximizer.exe
uRun: [Google Update] "c:documents and settingsdavid1local settingsapplication datagoogleupdateGoogleUpdate.exe" /c
uRun: [EscapeClose] c:program filesescapecloseEscapeClose.exe
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [Ashampoo PopUpBlocker] c:progra~1ashampooashamp~2PopUpKiller.exe
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
uRun: [3FWHZQA3LT] c:docume~1david1locals~1tempLq1.exe
uRun: [RoboForm] "c:program filessiber systemsai roboformRoboTaskBarIcon.exe"
mRun: [WinampAgent] "c:program fileswinampwinampa.exe"
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [mmtask] c:program filesmusicmatchmusicmatch jukeboxmmtask.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [FinePrint Dispatcher v5] "c:windowssystem32spooldriversw32x863fpdisp5a.exe" /source=HKLM
mRun: [dla] c:windowssystem32dlatfswctrl.exe
mRun: [AVG9_TRAY] c:progra~1avgavg9avgtray.exe
mRun: [ZoneAlarm Client] "c:program fileszone labszonealarmzlclient.exe"
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 8.0readerReader_sl.exe"
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"
mRun: [SSBkgdUpdate] "c:program filescommon filesscansoft sharedssbkgdupdateSSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:program filesscansoftpaperportpptd40nt.exe"
mRun: [IndexSearch] "c:program filesscansoftpaperportIndexSearch.exe"
mRun: [PPort11reminder] "c:program filesscansoftpaperporteregereg.exe" -r "c:documents and settingsall usersapplication datascansoftpaperport11configeregEreg.ini"
mRun: [BrMfcWnd] c:program filesbrotherbrmfcmonBrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:program filesbrothercontrolcenter3brctrcen.exe /autorun
mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime
mRun: [ATICCC] "c:program filesati technologiesati.aceCLIStart.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:program filesmalwarebytes' anti-malwarembamgui.exe /install /silent
dRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXE
dRun: [RoboForm] "c:program filessiber systemsai roboformRoboTaskBarIcon.exe"
dRun: [DWQueuedReporting] "c:progra~1common~1micros~1dwdwtrig20.exe" -t
StartupFolder: c:docume~1david1startm~1programsstartupbbcipl~1.lnk - c:program filesbbc iplayer desktopBBC iPlayer Desktop.exe
StartupFolder: c:docume~1david1startm~1programsstartupopenof~2.lnk - c:program filesopenoffice.org 2.3programquickstart.exe
StartupFolder: c:docume~1david1startm~1programsstartupqclip.lnk - c:program filesqclipqclip.exe
StartupFolder: c:docume~1david1startm~1programsstartupyahoo!~1.lnk - c:program filesyahoo!widgetsYahooWidgets.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartup1-clic~1.lnk - c:program files1-click answersanswers.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupadobeg~1.lnk - c:program filescommon filesadobecalibrationAdobe Gamma Loader.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupkodake~1.lnk - c:program fileskodakkodak easyshare softwarebinEasyShare.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartuplogite~1.lnk - c:program fileslogitechsetpointSetPoint.exe
uPolicies-explorer: MaxRecentDocs = 99 (0x63)
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: Customize Menu - file://c:program filessiber systemsai roboformRoboFormComCustomizeIEMenu.html
IE: Google Sidewiki... - c:program filesgooglegoogle toolbarcomponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm TaskBar Icon - file://c:program filessiber systemsai roboformRoboFormComTaskBarIcon.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - c:program filessiber systemsai roboformRoboFormComTaskBarIcon.html
IE: {595AF525-CA9D-404E-B6F0-DC2A7879DB8A}
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:program filessiber systemsai roboformRoboFormComShowToolbar.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:progra~1spybot~1SDHelper.dll
Trusted Zone: google.co.ukwww
Trusted Zone: mindweavers.co.ukwww
Trusted Zone: neatnettricks.com
Trusted Zone: zonelabs.comwww
DPF: Microsoft XML Parser for Java
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:program filesavgavg9toolbarIEToolbar.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:program filesbelarcadvisorsystemBAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg9avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:program filescommon fileslogishrdbluetoothLBTWlgn.dll
LSA: Authentication Packages = msv1_0 nwprovau
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:docume~1david1applic~1mozillafirefoxprofilestw6rgh1j.default
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - plugin: c:documents and settingsdavid1application datamozillafirefoxprofilestw6rgh1j.defaultextensions{e2883e8f-472f-4fb0-9522-ac9bf37916a7}pluginsnp_gp.dll
FF - plugin: c:documents and settingsdavid1local settingsapplication datagoogleupdate1.2.183.29npGoogleOneClick8.dll
FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll
FF - plugin: c:program filesgoogleupdate1.2.183.23npGoogleOneClick8.dll
FF - plugin: c:program filesgoogleupdate1.2.183.29npGoogleOneClick8.dll
FF - plugin: c:program filesjavajre6binnew_pluginnpdeployJava1.dll
FF - plugin: c:program filesviewpointviewpoint experience technologynpViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:program filesmozilla firefoxgreprefsall.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2010-5-29 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2010-5-29 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:windowssystem32driversavgtdix.sys [2010-5-29 243024]
R2 aawservice;Ad-Aware 2007 Service;c:program filesad-aware 2007aawservice.exe [2007-10-29 587096]
R2 avg9wd;AVG Free WatchDog;c:program filesavgavg9avgwdsvc.exe [2010-7-17 308136]
R2 vsdatant;vsdatant;c:windowssystem32vsdatant.sys [2010-6-19 532224]
R2 vsmon;TrueVector Internet Monitor;c:windowssystem32zonelabsvsmon.exe -service --> c:windowssystem32zonelabsvsmon.exe -service [?]
S2 gupdate1c9bc2b1248093a;Google Update Service (gupdate1c9bc2b1248093a);c:program filesgoogleupdateGoogleUpdate.exe [2009-4-13 133104]
S2 srrqwwmm;srrqwwmm; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:program filesavgavg9toolbarToolbarBroker.exe [2010-5-29 431432]

============== File Associations ===============

.cmd=

=============== Created Last 30 ================

2010-10-10 14:46:52 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-10-10 14:46:49 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-10-10 14:46:49 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-10-09 18:20:32 3018064 ----a-w- c:program filesAiRoboForm-cnetc.exe
2010-10-01 09:32:52 1131 ----a-w- c:program filesxp_sendtodesktop.vbs
2010-09-29 20:20:36 -------- d-----w- c:docume~1david1applic~1PriceGong
2010-09-29 20:20:22 -------- d-----w- c:docume~1david1locals~1applic~1MapNeto_1
2010-09-29 20:20:09 -------- d-----w- c:docume~1david1locals~1applic~1ConduitEngine
2010-09-29 20:20:08 -------- d-----w- c:program filesConduitEngine
2010-09-29 20:19:59 -------- d-----w- c:program filesMapNeto_1
2010-09-29 00:58:53 -------- d-----w- c:program filesEddieB
2010-09-28 00:10:36 6153352 ----a-w- c:program filesmbam-setup-1.46.exe
2010-09-23 13:42:24 95672 ----a-w- c:program filesmozilla firefoxpluginsnppdf32.dll
2010-09-23 13:35:11 -------- d-----w- c:docume~1david1applic~1PC-FAX TX

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:windowssystem32spoolsv.exe
2010-08-10 04:15:58 94208 ----a-w- c:windowssystem32QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:windowssystem32QuickTime.qts
2010-07-22 15:49:15 590848 ----a-w- c:windowssystem32rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:windowssystem32xpsp4res.dll
2010-07-17 11:02:08 12536 ----a-w- c:windowssystem32avgrsstx.dll
2010-07-17 04:00:04 423656 ----a-w- c:windowssystem32deployJava1.dll
2010-07-17 01:42:29 73728 ----a-w- c:windowssystem32javacpl.cpl
2010-07-15 01:36:28 0 ----a-w- c:program filesynslupfkwd.tmp
2010-07-05 12:25:48 921376 ----a-w- c:program filesJavaSetup6u20.exe
2010-05-29 06:05:44 2131808 ----a-w- c:program filesavg_free_stb_all_9_114_cnet.exe
2010-05-10 00:56:36 41295 ----a-w- c:program filesariuinst.exe
2010-03-11 02:21:04 79448 ----a-w- c:program fileswulWinupdates_setup.exe
2010-02-21 16:22:39 20795168 ----a-w- c:program filesLimeWireWin.exe
2009-11-10 01:59:29 1820280 ----a-w- c:program filesabiword_8798.exe
2009-11-07 13:52:38 157484384 ----a-w- c:program filesOOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
2009-11-06 02:16:27 892928 ----a-w- c:program fileswisediagnostic.EXE
2009-11-06 02:16:23 685988 ----a-w- c:program filesStartup Inspector isw2.exe
2009-11-05 17:45:38 891008 ----a-w- c:program filesavg_free_stb_en_9_39_free.exe
2009-08-20 08:13:26 9815040 ----a-w- c:program filesopenofficeorg31.msi
2009-08-03 23:15:01 21935408 ----a-w- c:program filesQuickTimeInstaller.exe
2009-07-22 12:59:27 14224112 ----a-w- c:program fileswinamp556_full_emusic-7plus_all.exe
2009-07-22 09:50:13 10277728 ----a-w- c:program fileswinamp556_full_emusic-7plus_en-us.exe
2009-07-21 18:16:36 17663352 ----a-w- c:program fileswinamp556_full_bundle_emusic-7plus_all.exe
2009-06-28 17:19:25 54074736 ----a-w- c:program filessetpoint472.exe
2009-02-16 01:22:47 2327656 ----a-w- c:program filesspeedupmypc3.exe
2009-02-10 19:21:55 2698976 ----a-w- c:program filessystemtweaker.exe
2009-02-10 18:30:50 2104768 ----a-w- c:program filesDriver Scanner.exe
2008-12-19 16:59:00 183514 ----a-w- c:program filesqclip-setup.exe
2008-10-14 11:33:44 2189864 ----a-w- c:program filesmbam-setup.exe
2008-09-07 18:19:48 948392 ----a-w- c:program fileshddh.exe
2008-03-16 12:29:41 125892318 ----a-w- c:program filesOOo_2.3.1_Win32Intel_install_wJRE_en-US.exe
2008-01-31 19:18:38 6613816 ----a-w- c:program filesDRWSetup.exe
2008-01-12 01:02:13 14113576 ----a-w- c:program filesavgas-setup-7.5.1.43-3339.exe
2008-01-05 17:24:04 41724304 ----a-w- c:program fileszlsSetup_70_462_000_en.exe
2008-01-02 19:14:08 658771 ----a-w- c:program filesMWSnap300.exe
2007-12-21 18:37:17 12220104 ----a-w- c:program filesashampoo_winoptimizerplatinum330_se.exe
2007-12-16 02:46:51 5629711 ----a-w- c:program fileswinboard-4_2_7a.exe
2007-12-11 01:09:14 1000280 ----a-w- c:program filesoptimize-setup-1051.exe
2007-12-07 16:05:19 3178952 ----a-w- c:program filesXoftSpySE433_263.exe
2007-12-06 03:10:34 21216112 ----a-w- c:program filesAdaware 2007.exe
2007-12-06 03:10:34 21216112 ----a-w- c:program filesaaw2007.exe
2007-11-30 22:01:00 52770576 ----a-w- c:program filesdotnetfx3.exe
2007-11-29 02:43:02 433679 ----a-w- c:program filesiemaximizer23.exe
2007-11-10 21:08:48 731648 ----a-w- c:program filesAllChars-4.0.321.msi
2007-11-04 22:14:49 32456704 ----a-w- c:program filesdell_support_center.msi
2007-10-23 18:39:13 163380 ----a-w- c:program filesarial32.exe
2007-10-03 19:12:55 23510720 ----a-w- c:program filesdotnetfx.exe
2007-08-06 17:26:08 39123134 ----a-w- c:program filesScanto01TB.exe
2007-07-30 01:46:05 1893383 ----a-w- c:program filesstinger.exe
2007-01-19 01:38:59 5186048 ----a-w- c:program filesWindowsDefender.msi
2006-11-04 02:23:11 5037072 ----a-w- c:program filesspybotsd14.exe
2006-10-31 11:46:22 17207032 ----a-w- c:program filesavg75free_428a818.exe
2006-10-06 00:24:38 1274368 ----a-w- c:program filessiw.exe
2006-09-16 20:18:49 559856 ----a-w- c:program filesWindowsXP-KB906569-v2-x86-ENU.exe
2006-05-29 01:50:57 1843200 ----a-w- c:program filesexposedsetup.exe
2006-05-24 01:42:18 1507696 ----a-w- c:program filesptreplicator-setup.exe
2006-05-22 15:54:11 12319320 ----a-w- c:program filesinstallactivescan.exe
2006-05-14 16:40:43 4981840 ----a-w- c:program filesofficexp-kb873352-fullfile-enu.exe
2006-05-14 13:21:00 3833344 ----a-w- c:program filesow32enen854.exe
2006-05-07 01:23:43 1748488 ----a-w- c:program filesinstall.exe
2006-04-09 01:04:00 845594 ----a-w- c:program filesdlsetup.exe
2006-01-25 20:00:09 5582185 ----a-w- c:program filesDMX_Update307B32n_Silent.exe
2005-12-10 13:24:38 8226111 ----a-w- c:program filesInstallationAssistant.exe
2005-12-10 12:41:20 13427415 ----a-w- c:program filesInstallationAssistantJVM.exe
2005-12-07 21:55:17 16150144 ----a-w- c:program filesavg71free_371a669.exe
2005-11-23 13:56:38 10537576 ----a-w- c:program fileszlsSetup_61_737_000_en.exe
2005-11-12 21:42:36 12754672 ----a-w- c:program filesMP10Setup.exe
2005-10-25 21:34:10 621200 ----a-w- c:program filesinstall_easyshare.exe
2005-10-25 19:35:59 906629 ----a-w- c:program filessendto16.exe
2005-10-25 19:32:52 553687 ----a-w- c:program filesregcleaner.exe
2005-10-25 19:12:38 34412848 ----a-w- c:program filesQuick TimeiTunesSetup.exe
2005-10-25 18:53:49 88064 ----a-w- c:program filespurrint.exe
2005-10-25 18:38:40 376165 ----a-w- c:program filesPrivacy Defender.exe
2005-10-25 17:58:16 526448 ----a-w- c:program filesMagnifierPowertoySetup.exe
2005-10-25 17:51:43 350296 ----a-w- c:program filesVirtual Desktop Manager Powertoy for Windows XP.msi
2005-10-25 17:51:32 562912 ----a-w- c:program filesDeskmanPowertoySetup.exe
2005-10-25 17:43:22 320064 ----a-w- c:program filesImage Resizer Powertoy for Windows XP.msi
2005-10-25 17:43:10 532616 ----a-w- c:program filesImageResizerPowertoySetup.exe
2005-10-25 17:38:15 150192 ----a-w- c:program filesTweakUiPowertoySetup.exe
2005-10-25 17:29:08 2599696 ----a-w- c:program filesClear Type setup.exe
2005-10-25 17:20:31 863744 ----a-w- c:program filesSetup.msi
2005-10-25 15:28:38 351015 ----a-w- c:program filesblocklist.reg
2005-10-25 15:04:42 4763648 ----a-w- c:program filesirfanview_plugins_397.exe
2005-10-25 14:21:43 1120090 ----a-w- c:program filesPrintScreen31_Setup.exe
2005-10-25 14:11:17 3018752 ----a-w- c:program filesfp545.exe
2005-10-22 19:56:57 2917130 ----a-w- c:program filesEClea2_0.exe
2005-10-22 19:36:23 127488 ----a-w- c:program filesSetupDragnifier.exe
2005-10-22 18:01:34 849904 ----a-w- c:program filesadvisor.exe
2005-10-22 17:52:23 206576 ----a-w- c:program filesassetup.exe
2005-10-22 00:36:59 4179293 ----a-w- c:program filesAida - Everesthome220.exe
2005-09-21 05:48:08 614400 ----a-w- c:program filesInstallTools.dll
2005-09-21 02:25:15 56832 ----a-w- c:program filesFineUI0.dll
2005-09-21 02:25:11 11264 ----a-w- c:program filesScreenshotReader0.dll
2005-09-21 02:25:08 15360 ----a-w- c:program filesFRWordZoom0.dll
2005-09-21 02:25:01 335872 ----a-w- c:program filesShell0.dll
2005-09-21 02:24:53 118784 ----a-w- c:program filesEngine0.dll
2005-09-21 02:24:46 8192 ----a-w- c:program filesFineUIRes.dll
2005-09-21 02:24:42 11264 ----a-w- c:program filesScreenshotReaderRes.dll
2005-09-21 02:24:39 5283840 ----a-w- c:program filesShellRes.dll
2010-07-07 19:39:20 1103872 --sha-w- c:windowssystem3254D.tmp
2010-02-21 16:45:57 203776 --sh--w- c:windowssystem32unrar.exe

============= FINISH: 23:30:21.82 ===============

Boopme

I have done what you said. Is there anything else that I should be doing, please?

Masochist1

Edited by boopme, 14 October 2010 - 03:50 PM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:05 AM

Posted 20 October 2010 - 07:00 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Masochist1

Posted 22 October 2010 - 05:19 AM

Good to hear from you, mOle - yes, I am here

#4 m0le

Posted 22 October 2010 - 07:11 AM

There's certainly some trojan activity in the logs.

Please run Combofix and see if we can clear this up

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 Masochist1

Posted 22 October 2010 - 02:47 PM

Sorry to say that I am getting nowhere with ComboFix. Downloading it is no problem, but then I am told that some of the installation files are corrupted and to download a fresh copy and retry. I have done this at least 6 times, but with the "corrupted" message each time. I cannot even remove the existing comfix.exe from the Desktop folder. I say "Desktop folder" rather than "Desktop" because I cannot get anything new onto the Desktop itself.

At the risk of appearing even more stupid, I cannot find the Options box on the site where I can ask to be notified by email of posts in reply to my topic.

Help, please!

#6 m0le

Posted 22 October 2010 - 05:42 PM

That's nothing to do with you and you're not stupid.


First, to get the email notifications do this:

Click your name at the top right and select My Settings. Find Notification Options down the left side among the options.

The last of the six options says: Watch every topic I reply to
If enabled, choose default notification type:

Change this to Immediate Notification

Then look under that and check the Email box under Notification method to use for topic replies and reply digests


With Combofix we need to start again. Uninstall Combofix as below:
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Please then download it from one of the links below. Choose the one you have not used before if that applies

Please download ComboFix from one of these locations:

#7 Masochist1

Posted 22 October 2010 - 07:49 PM

Hello mOle

As to email notifications - brilliant - thank you

As to ComboFix, still problems, I'm sorry to say

With ComboFix /Uninstall (with gap) typed in the Run box, I click OK and bring up an Open File Security Warning box. Clicking OK here brings up a small ComboFix box with green vertical lines, followed immediately by an "installation files are corrupt" warning. Clicking here removes the words but leaves the box with green lines. I can remove the box by clicking ESC, but the several comfix buttons remain at the bottom of the screen.

I really have followed your instructions!

Masochist1

#8 m0le

Posted 22 October 2010 - 07:56 PM

Okay, don't worry about Combofix for now.

Please run OTL, let me know if you get any corrupt installation files here.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


#9 Masochist1

Masochist1
  • Topic Starter

  • Members
  • 59 posts

Posted 22 October 2010 - 08:41 PM

I have had better luck with OTL and (I hope) copy below the contents of OTL.Txt. Extra.TXT will follow in my next post as I couldn't get it into this one.

OTL logfile created on: 23/10/2010 02:11:40 - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\David1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 427.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.28 Gb Total Space | 19.27 Gb Free Space | 39.90% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 94.87 Gb Free Space | 97.14% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 462.13 Gb Free Space | 99.22% Space Free | Partition Type: NTFS

Computer Name: DAVID | User Name: David1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David1\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\EscapeClose\EscapeClose.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David1\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (KodakCCS) -- File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (aawservice) -- C:\Program Files\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (WmcCds) Windows Media Connect (WMC) -- c:\Program Files\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) Windows Media Connect (WMC) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (RapportCerberus_19917) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\WINDOWS\system32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\WINDOWS\system32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (STHDA) High Definition Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 48 CC 15 0A FC CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5A CA 12 02 2B CA C9 43 BD E9 7F E4 77 CE 01 CE [binary data]
IE - HKCU\..\URLSearchHook: {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files\MapNeto_1\tbMapN.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.8.107
FF - prefs.js..extensions.enabledItems: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}:4.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d95d6e2f-0405-452a-8318-d41b7946580f}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.4
FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/07/05 13:26:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/10/09 19:22:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/22 09:58:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 09:59:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/28 18:22:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/07 11:48:15 | 000,000,000 | ---D | M]

[2010/05/17 19:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Mozilla\Extensions
[2010/05/17 19:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David1\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/03 21:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/28 20:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\tw6rgh1j.default\extensions
[2010/05/27 19:39:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\tw6rgh1j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/21 22:58:04 | 000,000,000 | ---D | M] (Freeze Toolbar) -- C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\tw6rgh1j.default\extensions\{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC}
[2010/07/12 01:33:16 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\tw6rgh1j.default\extensions\{d95d6e2f-0405-452a-8318-d41b7946580f}
[2010/06/24 20:47:39 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\tw6rgh1j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/27 00:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\tw6rgh1j.default\extensions\toolbar@ask.com
[2010/08/28 20:06:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/24 20:43:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/05 13:27:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/20 06:36:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/06/24 20:43:06 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/06/24 20:43:06 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/24 20:43:08 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/09/23 14:42:24 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/08/28 18:22:11 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/08/28 18:22:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/08/28 18:22:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/08/28 18:22:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/08/28 18:22:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/08/28 18:22:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/08/28 18:22:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/03/29 08:52:24 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2010/04/01 16:56:18 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 16:56:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/10/06 02:03:46 | 000,002,404 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/04/01 16:56:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 16:56:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 16:56:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 16:56:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 16:56:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/08/09 02:04:37 | 000,415,854 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 14356 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MapNeto 1 Toolbar) - {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files\MapNeto_1\tbMapN.dll (Conduit Ltd.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (IE PopUp-Killer) - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\popup.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBHO Object) - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\SpoofStick\SpoofStick\SpoofStickBHO.dll (CoreStreet, Ltd.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MapNeto 1 Toolbar) - {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files\MapNeto_1\tbMapN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\SpoofStick\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\SpoofStick\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MapNeto 1 Toolbar) - {1E7E4DE1-5EF4-4BAA-9250-C26258DC499A} - C:\Program Files\MapNeto_1\tbMapN.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpoofStick) - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\SpoofStick\SpoofStick\SpoofStick.dll (CoreStreet, Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Tweak UI] C:\WINDOWS\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\PopUpKiller.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EscapeClose] C:\Program Files\EscapeClose\EscapeClose.exe ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\David1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe (jiiSoft)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [UninstallAbility] C:\Program Files\UninstallAbility\uability.exe (Aurelitec, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe (Answers Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\David1\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\David1\Start Menu\Programs\Startup\QClip.lnk = C:\Program Files\QClip\qclip.exe ()
O4 - Startup: C:\Documents and Settings\David1\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 99
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: RoboForm TaskBar Icon - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra 'Tools' menuitem : RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html ()
O9 - Extra Button: PRDIE - {595AF525-CA9D-404E-B6F0-DC2A7879DB8A} - Reg Error: Value error. File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: google.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mindweavers.co.uk ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: neatnettricks.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: zonelabs.com ([www] http in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} http://download1.answers.com/pub/AnswersSetup.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\d094db2a816: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\d094db2a967: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - http://pics.ebaystatic.com/aw/pics/uk/navbar/redesign_p1/ebayLogo.gif
O24 - Desktop Components:1 () - http://site.answers.com/main791/images/backHomeGradient.gif
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (pgdfgsvc C 1) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 02:03:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David1\Desktop\OTL.exe
[2010/10/23 01:32:09 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/22 19:23:27 | 000,000,000 | ---D | C] -- C:\comfix3436c
[2010/10/22 19:21:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Documents and Settings\David1\Desktop\NirCmd.cfxxe
[2010/10/22 19:18:03 | 000,000,000 | ---D | C] -- C:\comfix
[2010/10/22 18:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Desktop\Desktop
[2010/10/22 17:07:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/22 17:07:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/22 17:03:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/22 17:00:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/22 16:51:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2010/10/22 15:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Application Data\Trusteer
[2010/10/22 15:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/10/22 15:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/10/21 21:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Application Data\AVG
[2010/10/21 21:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/18 20:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Application Data\AVG10
[2010/10/18 20:14:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/18 20:13:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/18 20:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 20:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/10/18 19:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/18 15:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Desktop\qd500w550axpuk
[2010/10/17 19:09:09 | 000,000,000 | ---D | C] -- D:\MY DOCUMENTS\New Folder
[2010/10/14 19:53:14 | 000,010,384 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys
[2010/10/14 19:52:06 | 000,301,656 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\BtCoreIf.dll
[2010/10/14 19:52:00 | 000,170,512 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\kemutb.dll
[2010/10/14 19:52:00 | 000,145,936 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemUtil.dll
[2010/10/14 19:52:00 | 000,117,264 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemWnd.dll
[2010/10/14 19:52:00 | 000,084,496 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemXML.dll
[2010/10/14 19:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/10/13 09:48:46 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 09:48:45 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 09:48:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/10 16:09:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Desktop\Malwarebytes' Anti-Malware
[2010/10/10 15:46:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/10 15:46:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/10 15:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/09 19:20:32 | 003,018,064 | ---- | C] (Siber Systems) -- C:\Program Files\AiRoboForm-cnetc.exe
[2010/10/03 23:43:44 | 000,059,240 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/10/02 11:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\MapNeto_1
[2010/10/01 10:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Desktop\Final Solution
[2010/09/29 21:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Application Data\PriceGong
[2010/09/29 21:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Local Settings\Application Data\MapNeto_1
[2010/09/29 21:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Local Settings\Application Data\ConduitEngine
[2010/09/29 21:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2010/09/29 21:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\MapNeto_1
[2010/09/29 01:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\EddieB
[2010/09/28 01:10:36 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/09/27 01:32:33 | 001,090,952 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\David1\Desktop\mbam.exe
[2010/09/23 14:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David1\Application Data\PC-FAX TX
[2010/07/05 13:25:48 | 000,921,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\JavaSetup6u20.exe
[2010/05/29 07:05:35 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_114_cnet.exe
[2010/03/11 03:21:04 | 000,079,448 | ---- | C] (NirSoft) -- C:\Program Files\wulWinupdates_setup.exe
[2009/11/10 02:53:15 | 001,820,280 | ---- | C] (W3i, LLC) -- C:\Program Files\abiword_8798.exe
[2009/11/06 03:16:23 | 000,685,988 | ---- | C] (Igor Pavlov) -- C:\Program Files\Startup Inspector isw2.exe
[2009/11/03 17:27:39 | 000,891,008 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_en_9_39_free.exe
[2009/08/04 00:15:00 | 021,935,408 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2009/07/22 13:59:27 | 014,224,112 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp556_full_emusic-7plus_all.exe
[2009/07/22 10:50:13 | 010,277,728 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp556_full_emusic-7plus_en-us.exe
[2009/07/21 19:16:36 | 017,663,352 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp556_full_bundle_emusic-7plus_all.exe
[2009/06/28 20:22:47 | 000,230,120 | ---- | C] (Wilson WindowWare, Inc.) -- C:\Program Files\WBDBU32I.DLL
[2009/06/28 18:19:24 | 054,074,736 | ---- | C] (Logitech Inc. ) -- C:\Program Files\setpoint472.exe
[2009/02/16 02:22:24 | 002,327,656 | ---- | C] (Uniblue Systems Ltd. ) -- C:\Program Files\speedupmypc3.exe
[2009/02/10 20:21:39 | 002,698,976 | ---- | C] (Uniblue ) -- C:\Program Files\systemtweaker.exe
[2009/02/10 19:30:35 | 002,104,768 | ---- | C] (Uniblue Systems Ltd. ) -- C:\Program Files\Driver Scanner.exe
[2008/10/14 12:33:37 | 002,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2008/09/07 19:19:30 | 000,948,392 | ---- | C] ( ) -- C:\Program Files\hddh.exe
[2008/04/11 01:32:01 | 006,613,816 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\DRWSetup.exe
[2007/12/11 02:09:03 | 001,000,280 | ---- | C] (PC Pitstop LLC ) -- C:\Program Files\optimize-setup-1051.exe
[2007/12/07 17:05:12 | 003,178,952 | ---- | C] (ParetoLogic Inc.) -- C:\Program Files\XoftSpySE433_263.exe
[2007/11/30 23:00:40 | 052,770,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx3.exe
[2007/10/03 20:12:43 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx.exe
[2007/07/30 02:46:01 | 001,893,383 | ---- | C] (McAfee Inc.) -- C:\Program Files\stinger.exe
[2006/11/04 03:23:08 | 005,037,072 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd14.exe
[2006/10/06 01:24:30 | 001,274,368 | ---- | C] (Gabriel Topala) -- C:\Program Files\siw.exe
[2006/09/16 21:18:45 | 000,559,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB906569-v2-x86-ENU.exe
[2006/05/29 02:50:52 | 001,843,200 | ---- | C] (Red Dragon International, Inc.) -- C:\Program Files\exposedsetup.exe
[2006/05/24 02:42:13 | 001,507,696 | ---- | C] (Karen Kenworthy) -- C:\Program Files\ptreplicator-setup.exe
[2006/05/14 17:40:32 | 004,981,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\officexp-kb873352-fullfile-enu.exe
[2006/05/08 23:23:51 | 020,795,168 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2006/01/25 20:59:57 | 005,582,185 | ---- | C] (Sonic Solutions ) -- C:\Program Files\DMX_Update307B32n_Silent.exe
[2005/11/12 22:42:36 | 012,754,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MP10Setup.exe
[2005/10/25 20:12:37 | 034,412,848 | ---- | C] (Apple Computer, Inc. ) -- C:\Program Files\Quick TimeiTunesSetup.exe
[2005/10/25 18:58:15 | 000,526,448 | ---- | C] (Microsoft Corporation ) -- C:\Program Files\MagnifierPowertoySetup.exe
[2005/10/25 18:51:30 | 000,562,912 | ---- | C] (Microsoft Corporation ) -- C:\Program Files\DeskmanPowertoySetup.exe
[2005/10/25 18:43:10 | 000,532,616 | ---- | C] (Microsoft Corporation ) -- C:\Program Files\ImageResizerPowertoySetup.exe
[2005/10/25 18:28:54 | 002,599,696 | ---- | C] (Microsoft Corporation ) -- C:\Program Files\Clear Type setup.exe
[2005/10/22 20:56:57 | 002,917,130 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\EClea2_0.exe
[2005/10/22 18:52:23 | 000,206,576 | ---- | C] (South Bay Software) -- C:\Program Files\assetup.exe
[2005/10/22 01:36:59 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Program Files\Aida - Everesthome220.exe
[2005/09/21 06:48:08 | 000,614,400 | ---- | C] (ABBYY Software) -- C:\Program Files\InstallTools.dll
[2005/09/21 03:25:15 | 000,056,832 | ---- | C] (ABBYY Software) -- C:\Program Files\FineUI0.dll
[2005/09/21 03:25:11 | 000,011,264 | ---- | C] (ABBYY Software) -- C:\Program Files\ScreenshotReader0.dll
[2005/09/21 03:25:08 | 000,015,360 | ---- | C] (ABBYY Software) -- C:\Program Files\FRWordZoom0.dll
[2005/09/21 03:25:01 | 000,335,872 | ---- | C] (ABBYY Software) -- C:\Program Files\Shell0.dll
[2005/09/21 03:24:53 | 000,118,784 | ---- | C] (ABBYY Software) -- C:\Program Files\Engine0.dll
[2005/09/21 03:24:46 | 000,008,192 | ---- | C] (ABBYY Software) -- C:\Program Files\FineUIRes.dll
[2005/09/21 03:24:42 | 000,011,264 | ---- | C] (ABBYY Software) -- C:\Program Files\ScreenshotReaderRes.dll
[2005/09/21 03:24:39 | 005,283,840 | ---- | C] (ABBYY Software) -- C:\Program Files\ShellRes.dll
[2005/09/21 03:23:17 | 000,348,160 | ---- | C] (ABBYY Software) -- C:\Program Files\ScreenshotReader.exe
[2005/09/21 03:22:39 | 001,032,192 | ---- | C] (ABBYY Software) -- C:\Program Files\FRWordZoom.dll
[2005/09/21 03:21:35 | 000,217,088 | ---- | C] (ABBYY Software) -- C:\Program Files\FineOCR.exe
[2005/09/21 03:21:11 | 000,061,440 | ---- | C] (ABBYY Software) -- C:\Program Files\FineSTI.exe
[2005/09/21 03:20:51 | 000,028,160 | ---- | C] (ABBYY Software) -- C:\Program Files\FECMenu.dll
[2005/09/21 03:20:28 | 002,727,936 | ---- | C] (ABBYY Software) -- C:\Program Files\FineReader.exe
[2005/09/21 02:52:14 | 000,335,872 | ---- | C] (ABBYY Software) -- C:\Program Files\FineUI.dll
[2005/09/21 02:51:24 | 000,013,824 | ---- | C] (ABBYY Software) -- C:\Program Files\TrigrammsInstaller.exe
[2005/09/21 02:47:29 | 028,213,248 | ---- | C] (ABBYY Software) -- C:\Program Files\RecPage.dll
[2005/09/21 01:41:21 | 000,069,632 | ---- | C] (ABBYY Software) -- C:\Program Files\Splrt.dll
[2005/09/21 01:39:31 | 000,565,248 | ---- | C] (ABBYY Software) -- C:\Program Files\Synthesis.dll
[2005/09/21 01:37:10 | 000,270,336 | ---- | C] (ABBYY Software) -- C:\Program Files\Recognizer.dll
[2005/09/21 01:36:20 | 000,929,792 | ---- | C] (ABBYY Software) -- C:\Program Files\PDFReader.dll
[2005/09/21 01:36:04 | 000,069,632 | ---- | C] (ABBYY Software) -- C:\Program Files\APDFLWrapper.dll
[2005/09/21 01:35:10 | 000,126,976 | ---- | C] (ABBYY Software) -- C:\Program Files\RegExp.dll
[2005/09/21 01:33:47 | 001,142,784 | ---- | C] (ABBYY Software) -- C:\Program Files\Image.dll
[2005/09/21 01:31:54 | 002,056,192 | ---- | C] (ABBYY Software) -- C:\Program Files\Export.dll
[2005/09/21 01:27:53 | 000,019,968 | ---- | C] (ABBYY Software) -- C:\Program Files\FineBR.drv
[2005/09/21 01:27:32 | 001,257,472 | ---- | C] (ABBYY Software) -- C:\Program Files\Engine.dll
[2005/09/21 01:19:03 | 002,371,584 | ---- | C] (ABBYY Software) -- C:\Program Files\Da.dll
[2005/09/21 01:02:02 | 000,442,368 | ---- | C] (ABBYY Software) -- C:\Program Files\Barcode.dll
[2005/09/21 00:57:51 | 000,405,504 | ---- | C] (ABBYY Software) -- C:\Program Files\TRS.dll
[2005/09/21 00:26:57 | 000,696,320 | ---- | C] (ABBYY Software) -- C:\Program Files\Morphology.dll
[2005/09/21 00:19:08 | 000,131,072 | ---- | C] (ABBYY Software) -- C:\Program Files\MorphoRes0.dll
[2005/09/21 00:18:25 | 005,320,704 | ---- | C] (ABBYY Software) -- C:\Program Files\Langinfo.dll
[2005/09/21 00:10:22 | 001,011,712 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\Awl.dll
[2005/09/21 00:01:56 | 000,372,736 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\FineObj.dll
[2005/09/20 23:57:47 | 000,002,560 | ---- | C] (ABBYY (BIT Software)) -- C:\Program Files\FObjEventSrc.dll
[2005/05/14 20:02:34 | 000,033,792 | ---- | C] (NirSoft) -- C:\Program Files\myuninst.exe
[2005/02/14 20:38:38 | 005,013,504 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\PDFL70.dll
[2005/02/14 18:29:58 | 002,166,784 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\CoolType.dll
[2005/02/14 18:29:58 | 000,217,088 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\BIBUtils.dll
[2005/02/14 18:29:56 | 000,450,560 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\AdobeXMP.dll
[2005/02/14 18:29:56 | 000,180,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\BIB.dll
[2005/02/14 18:29:50 | 000,151,552 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\AXE8SharedExpat.dll
[2005/02/14 18:29:48 | 001,803,264 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\AGM.dll
[2005/02/14 18:29:48 | 000,622,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\ACE.dll
[2005/02/14 18:29:48 | 000,258,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\ARE.dll
[2005/02/14 18:29:48 | 000,151,552 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\AXE16SharedExpat.dll
[2005/01/24 10:58:20 | 000,561,152 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\JP2KLib.dll
[2004/08/31 13:08:04 | 000,015,360 | ---- | C] (NirSoft) -- C:\Program Files\nirext.exe
[2004/05/14 21:14:00 | 000,032,768 | ---- | C] (NirSoft) -- C:\Program Files\wul.exe
[2003/08/21 02:00:00 | 000,028,672 | ---- | C] (http://www.SteveMiller.net) -- C:\Program Files\PureText.exe
[2003/02/21 05:42:22 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr71.dll
[2002/03/11 10:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiW.exe
[2002/03/11 09:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiA.exe
[2001/07/06 16:59:54 | 000,372,736 | ---- | C] (Ed Halley - http://www.halley.cc/stuff/) -- C:\Program Files\Dragnifier.exe
[2000/10/05 18:36:02 | 000,360,531 | ---- | C] (Microsoft Corporation) -- C:\Program Files\litgen.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\David1\*.tmp files -> C:\Documents and Settings\David1\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 02:10:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{772EE5E4-7384-4A15-A8DC-B995B75632B5}.job
[2010/10/23 02:03:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David1\Desktop\OTL.exe
[2010/10/23 02:01:02 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/23 01:37:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4005636837-723863596-2902758756-1005UA.job
[2010/10/23 01:30:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/23 00:03:14 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/10/22 21:32:11 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Bleeping Computer new reference.doc
[2010/10/22 21:30:29 | 000,000,475 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Bleeping Computer new reference.doc.lnk
[2010/10/22 21:26:20 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/10/22 21:22:08 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Markham.doc.lnk
[2010/10/22 20:28:28 | 000,506,303 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\comfix.exe
[2010/10/22 20:18:19 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\WORD.lnk
[2010/10/22 20:04:29 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Vund LP.doc
[2010/10/22 19:52:49 | 000,024,064 | ---- | M] () -- D:\MY DOCUMENTS\Bleeping Computer new reference.doc
[2010/10/22 19:51:30 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\David1\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/10/22 17:16:31 | 097,402,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/22 16:30:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/22 15:37:01 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4005636837-723863596-2902758756-1005Core.job
[2010/10/22 11:05:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/22 11:05:32 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\David1\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/10/22 11:04:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/10/22 11:03:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/22 09:58:58 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/21 21:35:49 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\AVG PC Tuneup 2011.lnk
[2010/10/21 20:41:24 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Best current offshore interest rates on international offshore savings accounts for expats and seniors at interest-rates.org.uk..url
[2010/10/21 19:39:05 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Google Chrome.lnk
[2010/10/21 15:04:03 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\IrfanView (2).lnk
[2010/10/21 15:03:29 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\IrfanView.lnk
[2010/10/21 02:10:01 | 000,000,903 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2010/10/21 02:10:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brdfxspd.dat
[2010/10/19 01:06:18 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\10.08.05 to Jonathan.eml.lnk
[2010/10/18 14:52:16 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/18 14:49:57 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\P-touch Editor 5.0.lnk
[2010/10/18 12:10:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David1\Local Settings\Application Data\prvlcl.dat
[2010/10/17 20:05:01 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/10/17 19:06:47 | 000,113,706 | ---- | M] () -- D:\MY DOCUMENTS\Power Band(Large).gif
[2010/10/17 18:36:32 | 032,077,312 | ---- | M] () -- D:\MY DOCUMENTS\Rubber Band.doc
[2010/10/16 11:17:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/15 09:37:36 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\EddieBMBam.exe (2).lnk
[2010/10/14 21:27:16 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/14 19:52:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2010/10/14 19:52:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2010/10/14 19:52:09 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/10/14 19:52:09 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/10/14 19:41:56 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\David1\Application Data\setup_ldm.iss
[2010/10/13 18:08:19 | 002,662,400 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/10/13 18:08:19 | 001,546,240 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/10/13 12:53:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 00:35:53 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\dds.scr
[2010/10/11 13:54:04 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\gmer.zip
[2010/10/11 01:37:00 | 001,456,224 | ---- | M] () -- D:\MY DOCUMENTS\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.mht
[2010/10/11 00:27:21 | 000,059,170 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\bleepingcomputer_com.htm
[2010/10/10 23:05:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Defogger.exe
[2010/10/10 22:59:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\David1\defogger_reenable
[2010/10/10 16:05:34 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Malwarebytes' Anti-Malware (3).lnk
[2010/10/10 16:04:27 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\EddieBMBam.exe.lnk
[2010/10/10 15:45:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/10/10 15:16:05 | 000,002,744 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Vundo LP and Diversion of Searches.eml
[2010/10/10 10:41:14 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\C.doc
[2010/10/10 10:33:11 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Vundo LP.doc
[2010/10/09 19:20:43 | 003,018,064 | ---- | M] (Siber Systems) -- C:\Program Files\AiRoboForm-cnetc.exe
[2010/10/03 23:43:44 | 000,059,240 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/10/03 22:34:44 | 000,434,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/03 22:34:44 | 000,068,412 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/01 10:42:45 | 000,001,131 | ---- | M] () -- C:\Program Files\xp_sendtodesktop.vbs
[2010/10/01 10:36:21 | 000,000,445 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Final Solution.lnk
[2010/10/01 10:29:15 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Gout Chair.jpg.lnk
[2010/10/01 10:28:16 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Gout Chair.lnk
[2010/09/30 07:19:01 | 000,000,194 | ---- | M] () -- C:\Program Files\desktop-create-shortcut.zip
[2010/09/30 07:12:24 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Lasting Powers of Attorney (Personal Welfare) (2).lnk
[2010/09/30 07:12:06 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Lasting Powers of Attorney (Personal Welfare).lnk
[2010/09/30 06:49:04 | 000,000,536 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Jason and Jane.lnk
[2010/09/30 06:47:21 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Variation.doc.lnk
[2010/09/30 06:42:47 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Malwarebytes' Anti-Malware (2).lnk
[2010/09/30 06:39:15 | 000,000,491 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\DELL.lnk
[2010/09/29 20:23:50 | 000,026,624 | ---- | M] () -- D:\MY DOCUMENTS\Gone Away.doc
[2010/09/29 02:34:50 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\Asterix Key.lnk
[2010/09/27 00:59:21 | 000,000,442 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\DAVID Probate.lnk
[2010/09/24 19:17:57 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\retirement fund (4).lnk
[2010/09/24 19:08:34 | 000,000,448 | ---- | M] () -- C:\Documents and Settings\David1\Desktop\retirement fund.lnk
[2010/09/23 14:35:29 | 000,000,154 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\David1\*.tmp files -> C:\Documents and Settings\David1\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/22 21:30:29 | 000,000,475 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Bleeping Computer new reference.doc.lnk
[2010/10/22 21:22:08 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Markham.doc.lnk
[2010/10/22 19:53:15 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Bleeping Computer new reference.doc
[2010/10/22 19:52:49 | 000,024,064 | ---- | C] () -- D:\MY DOCUMENTS\Bleeping Computer new reference.doc
[2010/10/22 19:06:01 | 000,506,303 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\comfix.exe
[2010/10/22 17:16:31 | 097,402,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/10/22 17:07:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/22 17:07:17 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/22 17:07:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/21 21:35:49 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\AVG PC Tuneup 2011.lnk
[2010/10/21 15:04:03 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\IrfanView (2).lnk
[2010/10/21 15:03:29 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\IrfanView.lnk
[2010/10/19 01:06:18 | 000,000,679 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\10.08.05 to Jonathan.eml.lnk
[2010/10/18 20:13:24 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/18 15:14:36 | 000,001,235 | ---- | C] () -- C:\WINDOWS\System32\PTQL5L.INI
[2010/10/18 14:49:57 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\P-touch Editor 5.0.lnk
[2010/10/17 19:06:47 | 000,113,706 | ---- | C] () -- D:\MY DOCUMENTS\Power Band(Large).gif
[2010/10/17 18:36:30 | 032,077,312 | ---- | C] () -- D:\MY DOCUMENTS\Rubber Band.doc
[2010/10/15 09:37:36 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\EddieBMBam.exe (2).lnk
[2010/10/14 19:52:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2010/10/14 19:52:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2010/10/14 19:52:09 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/10/14 19:52:08 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/10/11 01:36:58 | 001,456,224 | ---- | C] () -- D:\MY DOCUMENTS\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.mht
[2010/10/11 00:27:21 | 000,059,170 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\bleepingcomputer_com.htm
[2010/10/10 23:40:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\gmer.exe
[2010/10/10 23:37:28 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\gmer.zip
[2010/10/10 23:08:56 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\dds.scr
[2010/10/10 22:59:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David1\defogger_reenable
[2010/10/10 22:58:48 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Defogger.exe
[2010/10/10 16:05:34 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Malwarebytes' Anti-Malware (3).lnk
[2010/10/10 16:04:27 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\EddieBMBam.exe.lnk
[2010/10/10 15:46:55 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/10 15:16:05 | 000,002,744 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Vundo LP and Diversion of Searches.eml
[2010/10/10 10:41:14 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\C.doc
[2010/10/10 10:36:09 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Vund LP.doc
[2010/10/10 10:33:10 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Vundo LP.doc
[2010/10/01 10:36:21 | 000,000,445 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Final Solution.lnk
[2010/10/01 10:32:52 | 000,001,131 | ---- | C] () -- C:\Program Files\xp_sendtodesktop.vbs
[2010/10/01 10:29:15 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Gout Chair.jpg.lnk
[2010/10/01 10:28:16 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Gout Chair.lnk
[2010/09/30 07:12:24 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Lasting Powers of Attorney (Personal Welfare) (2).lnk
[2010/09/30 07:12:06 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Lasting Powers of Attorney (Personal Welfare).lnk
[2010/09/30 06:49:04 | 000,000,536 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Jason and Jane.lnk
[2010/09/30 06:47:21 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Variation.doc.lnk
[2010/09/30 06:42:47 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Malwarebytes' Anti-Malware (2).lnk
[2010/09/30 06:39:15 | 000,000,491 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\DELL.lnk
[2010/09/30 06:36:17 | 000,000,194 | ---- | C] () -- C:\Program Files\desktop-create-shortcut.zip
[2010/09/29 20:23:50 | 000,026,624 | ---- | C] () -- D:\MY DOCUMENTS\Gone Away.doc
[2010/09/29 02:34:50 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\Asterix Key.lnk
[2010/09/27 00:59:21 | 000,000,442 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\DAVID Probate.lnk
[2010/09/24 19:17:57 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\retirement fund (4).lnk
[2010/09/24 19:08:34 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\David1\Desktop\retirement fund.lnk
[2010/09/05 15:21:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PTQL5F.DLL
[2010/08/24 18:00:05 | 000,000,903 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/08/24 18:00:05 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/08/24 17:59:41 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/24 17:59:41 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/08/24 17:28:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/08/24 17:28:22 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/08/24 17:25:16 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/06/11 01:11:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David1\Local Settings\Application Data\prvlcl.dat
[2010/05/27 18:00:50 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\David1\Application Data\Smiley.ico
[2010/05/10 01:56:36 | 000,041,295 | ---- | C] () -- C:\Program Files\ariuinst.exe
[2010/03/11 04:04:45 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/07 11:01:17 | 157,484,384 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
[2009/11/06 03:16:27 | 000,892,928 | ---- | C] () -- C:\Program Files\wisediagnostic.EXE
[2009/08/20 09:15:08 | 135,630,545 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2009/08/20 09:13:26 | 009,815,040 | ---- | C] () -- C:\Program Files\openofficeorg31.msi
[2009/08/19 09:31:00 | 000,000,281 | ---- | C] () -- C:\Program Files\Setup.ini
[2009/08/04 19:18:51 | 000,139,264 | ---- | C] () -- C:\WINDOWS\GeoEditAVIDll.dll
[2009/08/04 19:17:50 | 002,557,845 | ---- | C] () -- C:\Program Files\GeoCodec.zip
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/30 18:37:55 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\David1\Application Data\setup.log
[2009/06/30 18:37:51 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\David1\Application Data\setup_ldm.iss
[2009/06/28 20:37:11 | 000,008,628 | -H-- | C] () -- C:\Program Files\SETUP.GID
[2009/06/19 00:28:35 | 000,202,177 | ---- | C] () -- C:\Program Files\pawn3.zip
[2008/04/11 01:29:16 | 006,272,314 | ---- | C] () -- C:\Program Files\DataRecoveryWizardProfessional.zip
[2008/03/16 13:29:01 | 125,892,318 | ---- | C] () -- C:\Program Files\OOo_2.3.1_Win32Intel_install_wJRE_en-US.exe
[2008/02/26 03:15:15 | 017,230,072 | ---- | C] () -- C:\Program Files\flash_player_update5_flash8_win.zip
[2008/01/18 02:58:08 | 000,471,289 | ---- | C] () -- C:\Program Files\OPTIMIZE2_SETUP.ZIP
[2008/01/12 02:01:59 | 014,113,576 | ---- | C] () -- C:\Program Files\avgas-setup-7.5.1.43-3339.exe
[2008/01/05 18:23:45 | 041,724,304 | ---- | C] () -- C:\Program Files\zlsSetup_70_462_000_en.exe
[2008/01/02 20:13:57 | 000,658,771 | ---- | C] () -- C:\Program Files\MWSnap300.exe
[2007/12/21 19:37:07 | 012,220,104 | ---- | C] () -- C:\Program Files\ashampoo_winoptimizerplatinum330_se.exe
[2007/12/16 03:46:43 | 005,629,711 | ---- | C] () -- C:\Program Files\winboard-4_2_7a.exe
[2007/12/06 04:10:19 | 021,216,112 | ---- | C] () -- C:\Program Files\Adaware 2007.exe
[2007/12/06 04:10:19 | 021,216,112 | ---- | C] () -- C:\Program Files\aaw2007.exe
[2007/12/02 20:10:42 | 013,831,281 | ---- | C] () -- C:\Program Files\PDFXVwer.zip
[2007/11/29 03:38:04 | 000,433,679 | ---- | C] () -- C:\Program Files\iemaximizer23.exe
[2007/11/10 22:08:37 | 000,731,648 | ---- | C] () -- C:\Program Files\AllChars-4.0.321.msi
[2007/11/04 23:14:45 | 032,456,704 | ---- | C] () -- C:\Program Files\dell_support_center.msi
[2007/10/03 20:06:21 | 000,408,847 | ---- | C] () -- C:\Program Files\x2dbsrep49.zip
[2007/09/27 02:30:30 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\David1\Local Settings\Application Data\kodakpcd.ini
[2007/09/08 21:27:14 | 000,000,326 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/13 19:58:39 | 014,805,544 | ---- | C] () -- C:\Program Files\Bach - Mass in B minor.mp3
[2007/08/06 18:25:49 | 039,123,134 | ---- | C] () -- C:\Program Files\Scanto01TB.exe
[2007/07/30 11:04:21 | 000,000,022 | ---- | C] () -- C:\Program Files\stinger.opt
[2007/04/12 21:24:24 | 000,314,982 | ---- | C] () -- C:\Program Files\UltraMagnifier10.zip
[2007/03/17 21:42:44 | 000,742,487 | ---- | C] () -- C:\Program Files\sdel.zip
[2007/02/23 23:17:15 | 001,400,995 | ---- | C] () -- C:\Program Files\NW2Setup.zip
[2007/01/19 02:38:49 | 005,186,048 | ---- | C] () -- C:\Program Files\WindowsDefender.msi
[2006/11/23 04:34:55 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2006/11/23 04:34:55 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2006/11/23 04:34:55 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2006/10/31 12:46:13 | 017,207,032 | ---- | C] () -- C:\Program Files\avg75free_428a818.exe
[2006/10/30 23:21:49 | 001,868,800 | ---- | C] () -- C:\Program Files\ABBYY ScanTo Office 1.0.msi
[2006/10/30 23:21:49 | 000,122,368 | ---- | C] () -- C:\Program Files\1049.mst
[2006/10/30 23:21:49 | 000,087,040 | ---- | C] () -- C:\Program Files\1031.mst
[2006/10/30 23:21:49 | 000,085,504 | ---- | C] () -- C:\Program Files\1040.mst
[2006/10/30 23:21:49 | 000,081,408 | ---- | C] () -- C:\Program Files\1036.mst
[2006/10/30 23:21:49 | 000,078,848 | ---- | C] () -- C:\Program Files\1034.mst
[2006/10/30 23:21:49 | 000,078,336 | ---- | C] () -- C:\Program Files\1043.mst
[2006/10/30 23:21:49 | 000,037,376 | ---- | C] () -- C:\Program Files\1033.mst
[2006/09/21 01:55:45 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/08/31 21:19:27 | 000,168,850 | ---- | C] () -- C:\Program Files\ABBYY FineReader 8.0 Professional Edition.log
[2006/08/31 21:19:14 | 000,001,410 | ---- | C] () -- C:\Program Files\ProtectionLog.dat
[2006/08/31 21:19:14 | 000,000,514 | ---- | C] () -- C:\Program Files\VerData.prt
[2006/08/31 21:19:13 | 000,099,779 | ---- | C] () -- C:\Program Files\EnglishMedical.amt
[2006/08/31 21:19:13 | 000,099,779 | ---- | C] () -- C:\Program Files\EnglishLaw.amt
[2006/08/31 21:19:12 | 000,138,218 | ---- | C] () -- C:\Program Files\French.amt
[2006/08/31 21:19:12 | 000,135,087 | ---- | C] () -- C:\Program Files\Dutch.amt
[2006/08/31 21:19:11 | 000,101,281 | ---- | C] () -- C:\Program Files\English.amt
[2006/07/20 16:57:05 | 000,964,180 | ---- | C] () -- C:\Program Files\ShotSender.zip
[2006/06/21 16:29:36 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Quickchess.ini
[2006/06/14 23:45:01 | 259,539,966 | ---- | C] () -- C:\Program Files\Microsoft Office XP Publisher 2003.zip
[2006/06/13 19:39:22 | 000,860,795 | ---- | C] () -- C:\Program Files\pcsecuritytest.zip
[2006/06/06 19:36:04 | 034,623,317 | ---- | C] () -- C:\Program Files\data1.cab
[2006/06/06 19:36:04 | 000,346,602 | ---- | C] () -- C:\Program Files\ikernel.ex_
[2006/06/06 19:36:04 | 000,291,232 | ---- | C] () -- C:\Program Files\data2.cab
[2006/06/06 19:36:04 | 000,136,734 | ---- | C] () -- C:\Program Files\Setup.inx
[2006/06/06 19:36:04 | 000,011,663 | ---- | C] () -- C:\Program Files\data1.hdr
[2006/06/06 19:36:04 | 000,000,417 | ---- | C] () -- C:\Program Files\layout.bin
[2006/05/22 16:54:11 | 012,319,320 | ---- | C] () -- C:\Program Files\installactivescan.exe
[2006/05/14 15:22:54 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2006/05/14 14:20:51 | 003,833,344 | ---- | C] () -- C:\Program Files\ow32enen854.exe
[2006/05/07 02:23:37 | 001,748,488 | ---- | C] () -- C:\Program Files\install.exe
[2006/05/01 23:30:11 | 000,628,425 | ---- | C] () -- C:\Program Files\pawn2.zip
[2006/04/09 02:03:57 | 000,845,594 | ---- | C] () -- C:\Program Files\dlsetup.exe
[2006/02/02 21:42:15 | 000,234,655 | ---- | C] () -- C:\Program Files\f-force Nyxem.E.z.zip
[2006/01/02 20:31:29 | 000,550,340 | ---- | C] () -- C:\Program Files\favorg.zip
[2005/12/10 14:24:38 | 008,226,111 | ---- | C] () -- C:\Program Files\InstallationAssistant.exe
[2005/12/10 13:41:20 | 013,427,415 | ---- | C] () -- C:\Program Files\InstallationAssistantJVM.exe
[2005/12/07 22:55:17 | 016,150,144 | ---- | C] () -- C:\Program Files\avg71free_371a669.exe
[2005/11/23 20:53:38 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2005/11/23 14:56:38 | 010,537,576 | ---- | C] () -- C:\Program Files\zlsSetup_61_737_000_en.exe
[2005/10/31 21:55:54 | 000,000,491 | ---- | C] () -- C:\Program Files\DELL
[2005/10/28 19:46:16 | 000,000,502 | ---- | C] () -- C:\Program Files\QClip
[2005/10/26 14:40:24 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\David1\Local Settings\Application Data\FASTWiz.html
[2005/10/26 14:16:50 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\David1\Local Settings\Application Data\FASTApp.html
[2005/10/25 22:34:09 | 000,621,200 | ---- | C] () -- C:\Program Files\install_easyshare.exe
[2005/10/25 22:04:26 | 000,000,555 | ---- | C] () -- C:\Program Files\UninstallAbility
[2005/10/25 21:58:13 | 000,000,530 | ---- | C] () -- C:\Program Files\Startup Cop
[2005/10/25 21:55:42 | 001,384,267 | ---- | C] () -- C:\Program Files\Startup Cop_setup.zip
[2005/10/25 21:35:32 | 000,058,671 | ---- | C] () -- C:\Program Files\StartupCPL.zip
[2005/10/25 21:31:34 | 000,584,642 | ---- | C] () -- C:\Program Files\Spysites spysit10.zip
[2005/10/25 21:25:50 | 000,001,647 | ---- | C] () -- C:\Program Files\SpoofStick
[2005/10/25 20:37:53 | 000,000,510 | ---- | C] () -- C:\Program Files\Send To
[2005/10/25 20:35:55 | 000,906,629 | ---- | C] () -- C:\Program Files\sendto16.exe
[2005/10/25 20:32:50 | 000,553,687 | ---- | C] () -- C:\Program Files\regcleaner.exe
[2005/10/25 20:19:33 | 000,000,449 | ---- | C] () -- C:\Program Files\Real
[2005/10/25 19:53:49 | 000,088,064 | ---- | C] () -- C:\Program Files\purrint.exe
[2005/10/25 19:38:39 | 000,376,165 | ---- | C] () -- C:\Program Files\Privacy Defender.exe
[2005/10/25 19:29:53 | 000,045,133 | ---- | C] () -- C:\Program Files\PageDefrag.zip
[2005/10/25 18:57:27 | 000,350,296 | ---- | C] () -- C:\Program Files\Virtual Desktop Manager Powertoy for Windows XP.msi
[2005/10/25 18:49:26 | 000,320,064 | ---- | C] () -- C:\Program Files\Image Resizer Powertoy for Windows XP.msi
[2005/10/25 18:38:12 | 000,150,192 | ---- | C] () -- C:\Program Files\TweakUiPowertoySetup.exe
[2005/10/25 18:20:31 | 000,863,744 | ---- | C] () -- C:\Program Files\Setup.msi
[2005/10/25 16:28:35 | 000,351,015 | ---- | C] () -- C:\Program Files\blocklist.reg
[2005/10/25 16:25:53 | 000,100,427 | ---- | C] () -- C:\Program Files\blocklist.zip
[2005/10/25 16:04:30 | 004,763,648 | ---- | C] () -- C:\Program Files\irfanview_plugins_397.exe
[2005/10/25 15:58:24 | 000,053,368 | ---- | C] () -- C:\Program Files\jugend.ttf
[2005/10/25 15:47:17 | 000,504,681 | ---- | C] () -- C:\Program Files\resizer.zip
[2005/10/25 15:21:39 | 001,120,090 | ---- | C] () -- C:\Program Files\PrintScreen31_Setup.exe
[2005/10/25 15:11:10 | 003,018,752 | ---- | C] () -- C:\Program Files\fp545.exe
[2005/10/22 20:36:23 | 000,127,488 | ---- | C] () -- C:\Program Files\SetupDragnifier.exe
[2005/10/22 20:14:10 | 000,004,213 | ---- | C] () -- C:\Program Files\layout.zip
[2005/10/22 19:48:34 | 001,021,230 | ---- | C] () -- C:\Program Files\ContextMenuPlus.zip
[2005/10/22 19:01:50 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2005/10/22 19:01:32 | 000,849,904 | ---- | C] () -- C:\Program Files\advisor.exe
[2005/10/19 22:19:32 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\David1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/19 21:57:48 | 000,183,514 | ---- | C] () -- C:\Program Files\qclip-setup.exe
[2005/10/19 19:23:27 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/10/19 18:38:40 | 000,003,571 | ---- | C] () -- C:\Program Files\legitcheck.hta
[2005/10/19 15:15:35 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE RX600E.ini
[2005/10/19 14:56:23 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\David1\Local Settings\Application Data\fusioncache.dat
[2005/10/19 14:23:48 | 000,176,436 | ---- | C] () -- C:\Documents and Settings\David1\Local Settings\Application Data\FASTWiz.log
[2005/10/19 12:04:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/19 11:43:32 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/10/19 11:21:50 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/05 21:38:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/05 21:30:50 | 000,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/05 21:08:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/21 06:47:41 | 000,000,128 | ---- | C] () -- C:\Program Files\www.abbyy.com.url
[2005/09/21 03:37:14 | 000,267,872 | ---- | C] () -- C:\Program Files\Tutorial0.chm
[2005/09/21 03:34:19 | 000,974,984 | ---- | C] () -- C:\Program Files\FineReader0.chm
[2005/09/21 02:18:11 | 000,238,587 | R--- | C] () -- C:\Program Files\Typewrit.str
[2005/09/21 02:18:04 | 000,149,295 | R--- | C] () -- C:\Program Files\Printer.str
[2005/09/21 02:18:00 | 000,449,175 | R--- | C] () -- C:\Program Files\Fax.str
[2005/09/21 02:17:49 | 000,389,319 | R--- | C] () -- C:\Program Files\Underlin.str
[2005/09/21 02:17:40 | 000,392,967 | R--- | C] () -- C:\Program Files\Italic.str
[2005/09/21 02:17:30 | 000,426,195 | R--- | C] () -- C:\Program Files\Bold.str
[2005/09/21 02:17:20 | 000,449,811 | R--- | C] () -- C:\Program Files\Normal.str
[2005/09/21 02:17:07 | 000,064,837 | R--- | C] () -- C:\Program Files\Printer.spt
[2005/09/21 02:12:05 | 000,157,208 | R--- | C] () -- C:\Program Files\Normal.spt
[2005/09/21 00:55:49 | 000,145,248 | ---- | C] () -- C:\Program Files\Univers.amm
[2005/09/21 00:50:54 | 000,159,867 | ---- | C] () -- C:\Program Files\French.amm
[2005/09/21 00:50:04 | 000,188,732 | ---- | C] () -- C:\Program Files\EnglishMedical.amd
[2005/09/21 00:50:03 | 000,163,571 | ---- | C] () -- C:\Program Files\EnglishMedical.amm
[2005/09/21 00:50:01 | 000,163,571 | ---- | C] () -- C:\Program Files\EnglishLaw.amm
[2005/09/21 00:49:55 | 000,163,571 | ---- | C] () -- C:\Program Files\English.amm
[2005/09/21 00:49:19 | 000,136,894 | ---- | C] () -- C:\Program Files\Dutch.amm
[2005/09/20 23:23:13 | 000,033,280 | R--- | C] () -- C:\Program Files\Finereader8.dot
[2005/09/20 23:23:12 | 000,045,568 | R--- | C] () -- C:\Program Files\Finereader8.2003.dot
[2005/09/20 23:00:57 | 000,860,827 | ---- | C] () -- C:\Program Files\Underlin.pat
[2005/09/20 23:00:57 | 000,344,951 | ---- | C] () -- C:\Program Files\Underlin.ptc
[2005/09/20 23:00:56 | 000,582,395 | ---- | C] () -- C:\Program Files\Typewrit.pat
[2005/09/20 23:00:56 | 000,334,243 | ---- | C] () -- C:\Program Files\Typewrit.pts
[2005/09/20 23:00:56 | 000,163,297 | ---- | C] () -- C:\Program Files\Typewrit.ptc
[2005/09/20 23:00:54 | 000,678,543 | ---- | C] () -- C:\Program Files\Printer.pat
[2005/09/20 23:00:54 | 000,377,627 | ---- | C] () -- C:\Program Files\Printer.pts
[2005/09/20 23:00:54 | 000,139,499 | ---- | C] () -- C:\Program Files\Printer.ptc
[2005/09/20 23:00:53 | 000,030,546 | ---- | C] () -- C:\Program Files\Part.pat
[2005/09/20 23:00:53 | 000,017,711 | ---- | C] () -- C:\Program Files\Part.pts
[2005/09/20 23:00:53 | 000,000,199 | ---- | C] () -- C:\Program Files\Part.ptc
[2005/09/20 23:00:47 | 000,764,274 | ---- | C] () -- C:\Program Files\Normal.pts
[2005/09/20 23:00:47 | 000,303,455 | ---- | C] () -- C:\Program Files\Normal.ptc
[2005/09/20 23:00:47 | 000,008,374 | ---- | C] () -- C:\Program Files\Normal.pdi
[2005/09/20 23:00:46 | 001,656,368 | ---- | C] () -- C:\Program Files\Normal.pat
[2005/09/20 23:00:45 | 001,466,568 | ---- | C] () -- C:\Program Files\Italic.pat
[2005/09/20 23:00:45 | 000,695,138 | ---- | C] () -- C:\Program Files\Italic.pts
[2005/09/20 23:00:45 | 000,238,325 | ---- | C] () -- C:\Program Files\Italic.ptc
[2005/09/20 23:00:41 | 000,852,428 | ---- | C] () -- C:\Program Files\Fax.pts
[2005/09/20 23:00:40 | 001,627,054 | ---- | C] () -- C:\Program Files\Fax.pat
[2005/09/20 23:00:40 | 000,309,930 | ---- | C] () -- C:\Program Files\Fax.ptc
[2005/09/20 23:00:37 | 000,207,125 | ---- | C] () -- C:\Program Files\Bold.ptc
[2005/09/20 23:00:36 | 001,175,275 | ---- | C] () -- C:\Program Files\Bold.pat
[2005/09/20 22:19:32 | 000,009,107 | R--- | C] () -- C:\Program Files\SndToWP9.wcm
[2005/09/20 22:19:32 | 000,008,402 | R--- | C] () -- C:\Program Files\SndToWp8.wcm
[2005/09/20 22:19:32 | 000,008,401 | R--- | C] () -- C:\Program Files\SndToWp7.wcm
[2005/09/20 22:19:31 | 000,010,406 | R--- | C] () -- C:\Program Files\SndToWP11.wcm
[2005/09/20 22:19:31 | 000,010,406 | R--- | C] () -- C:\Program Files\SndToWP10.wcm
[2005/09/20 22:19:31 | 000,010,358 | R--- | C] () -- C:\Program Files\SndToWP12.wcm
[2005/08/24 20:55:51 | 000,001,169 | ---- | C] () -- C:\Program Files\Fine.ini
[2005/08/24 15:47:36 | 000,003,341 | ---- | C] () -- C:\Program Files\FineOCR.txt
[2005/08/05 14:45:05 | 000,044,633 | ---- | C] () -- C:\Program Files\PhoneContacts.csv
[2005/07/15 13:36:11 | 000,002,995 | ---- | C] () -- C:\Program Files\CountriesRegistration.csv
[2005/05/14 20:02:58 | 000,015,634 | ---- | C] () -- C:\Program Files\myuninst.chm
[2005/05/12 09:25:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/23 16:02:37 | 001,446,336 | ---- | C] () -- C:\Program Files\StdFonts.mtr
[2004/08/31 13:11:50 | 000,034,682 | ---- | C] () -- C:\Program Files\nirext.chm
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/05/24 00:30:00 | 001,090,202 | ---- | C] () -- C:\Program Files\ie-ads.reg
[2004/05/24 00:30:00 | 001,037,973 | ---- | C] () -- C:\Program Files\ie-ads-uninst.reg
[2004/05/03 11:11:38 | 000,003,594 | ---- | C] () -- C:\Program Files\wul.txt
[2004/05/03 11:10:38 | 000,013,348 | ---- | C] () -- C:\Program Files\wul.chm
[2004/04/26 00:30:00 | 000,143,558 | ---- | C] () -- C:\Program Files\readme.txt
[2003/11/28 23:00:00 | 000,003,815 | ---- | C] () -- C:\Program Files\LICENSE.TXT
[2003/10/04 10:02:24 | 000,009,016 | ---- | C] () -- C:\Program Files\MemTest manual.html
[2003/10/04 09:52:42 | 000,016,384 | ---- | C] () -- C:\Program Files\memTest.exe
[2003/09/28 18:00:00 | 000,003,264 | ---- | C] () -- C:\Program Files\PleaseRead.txt
[2003/06/26 18:56:32 | 000,006,130 | ---- | C] () -- C:\Program Files\License_JasPer.txt
[2003/06/17 10:06:03 | 000,181,760 | ---- | C] () -- C:\Program Files\ariskkey.exe
[2003/06/17 09:23:29 | 000,048,998 | ---- | C] () -- C:\Program Files\pk.chm
[2002/03/19 18:30:00 | 000,005,528 | ---- | C] () -- C:\Program Files\PowerToyReadme.htm
[2002/03/19 17:30:00 | 000,016,358 | ---- | C] () -- C:\Program Files\vdm.chm
[2002/01/23 16:15:38 | 002,514,890 | ---- | C] () -- C:\Program Files\StdFonts.psa
[2000/05/25 16:59:00 | 000,004,608 | ---- | C] () -- C:\Program Files\serial.doc
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/04/01 21:58:32 | 002,268,160 | ---- | C] () -- C:\Program Files\DATA2.MSI
[1999/04/01 21:57:58 | 000,001,650 | ---- | C] () -- C:\Program Files\AUTORUN.INF
[1999/03/25 18:11:06 | 031,738,166 | ---- | C] () -- C:\Program Files\OFFCD2_1.CAB
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1992/01/07 02:47:54 | 000,018,321 | ---- | C] () -- C:\Program Files\COPYING

========== LOP Check ==========

[2007/10/16 03:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/05/19 15:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/10/22 18:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/18 20:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 20:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/18 20:14:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/06/12 02:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/06/11 11:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/06/05 00:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/08/21 18:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gpijovsr
[2008/06/05 01:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/01/05 18:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/01/05 21:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/10/18 20:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/05/01 19:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2005/10/19 14:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/09/04 04:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/11/04 23:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/10/22 10:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/06/04 03:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/10/22 15:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2006/04/28 23:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2005/10/05 21:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/12 02:12:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
[2006/04/09 02:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\aignes
[2010/10/21 22:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\AVG
[2010/10/18 20:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\AVG10
[2010/07/05 09:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/21 22:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\FinalMediaPlayer
[2008/01/12 02:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Grisoft
[2006/10/06 01:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\gtopala
[2008/01/05 18:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\iolo
[2005/10/19 14:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Leadertech
[2005/10/31 22:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Learn2.com
[2010/05/25 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\myfreezetoolbar
[2009/11/07 19:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\OpenOffice.org
[2007/12/05 15:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Opera
[2007/07/15 03:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\PC Magazine Utilities
[2010/09/23 14:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\PC-FAX TX
[2010/10/22 18:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\PriceGong
[2009/05/31 15:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Skinux
[2007/08/18 21:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Softplicity
[2009/02/16 03:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\System Tweaker
[2010/05/25 14:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Template
[2007/12/08 01:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\True Sword
[2010/10/22 15:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Trusteer
[2010/05/29 06:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\Uniblue
[2006/05/27 18:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\VersionTracker Pro
[2007/11/13 04:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David1\Application Data\wsInspector
[2010/10/17 20:05:01 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2010/10/22 11:04:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/10/23 02:01:02 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010/10/23 02:10:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{772EE5E4-7384-4A15-A8DC-B995B75632B5}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\ynslupfkwd.tmp:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\StartupCPL.zip:SummaryInformation
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

#10 Masochist1

Posted 22 October 2010 - 08:48 PM

Here (again I hope) is Extras.Txt

OTL Extras logfile created on: 23/10/2010 02:05:18 - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\David1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 441.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.28 Gb Total Space | 19.27 Gb Free Space | 39.90% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 94.87 Gb Free Space | 97.14% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 462.13 Gb Free Space | 99.22% Space Free | Partition Type: NTFS

Computer Name: DAVID | User Name: David1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with Paint Shop Pro Studio] -- C:\Program Files\Paint Shop\Paint Shop Pro Studio\Paint Shop Pro Studio.exe "/Browse" "%L" (Jasc Software, Inc.)
Directory [File Finder...] -- c:\Program Files\PowerDesk\pdfind.exe /PATH:%1 (Ontrack Data International)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"D:\MY DOCUMENTS\Downloads\YoutubeToMp3_Setup.exe" = D:\MY DOCUMENTS\Downloads\YoutubeToMp3_Setup.exe:*:Enabled:Youtube To MP3 -- ()
"C:\WINDOWS\system32\spoolsv.exe" = C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15047293-954F-45B2-8A7B-D7226D2B6931}" = SyncToy
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B59B9F-C360-11D7-875B-0090CC005647}" = PIF DESIGNER2.1
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{4025244F-7F7C-4AB8-BF9A-F4A017AE6674}" = InkSaver
"{403EF592-953B-4794-BCEF-ECAB835C2095}" =
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5730CAAC-9368-4813-9D3C-7D1AB5F0A154}" = ABBYY ScanTo Office 1.0
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5FA4690C-1975-4F94-9A64-274F29BD9221}" = Microsoft Baseline Security Analyzer 1.2
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{618D0D6E-BB52-43FD-AC27-2E0E481E3FF3}" = AllChars 4.0.321
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{636F5444-8C7C-40C6-A89B-A1D2F01DC7F6}" = ATI Catalyst Control Center
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{704BA20C-E4D5-4265-92B4-9768345AB76B}" = AVG 2011
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{739F4CE3-6443-40AB-ACB3-2CF6FD3702AE}" = AVG 2011
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7CCC6E23-0E35-480B-8F0C-8D06F882D5D3}" = Brother QL-Series User's Guide
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A138F400-2451-4C26-86EF-6C259CE1B6CE}" = Infinity Chess Prerequisite
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A600B935-50DC-476E-9432-95A13F416302}" = DBXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5770FD5-7345-47E0-BEB8-54522270D58F}" = AVG 2011
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE325D55-FCAF-4273-BB79-069BB8747270}" = TomTom HOME
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4493A4C-1221-45A7-A172-9D31D0F893DD}" = Clipboard Buddy (build1.0.4)
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" =
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F64306A5-4C32-41bb-B153-53986527FAB4}" =
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1-Click Answers" = 1-Click Answers
"30+ Free Patience" = 30+ Free Patience
"ABBYY FineReader 5.0 Sprint" =
"ActiveScan2" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"AI RoboForm" = AI RoboForm (All Users)
"AIDA32_is1" = AIDA32 v3.80
"All ATI Software" = ATI - Software Uninstall Utility
"Allin1Converter" = Allin1 Converter 2.2
"AM-DeadLink" = AM-DeadLink
"Answers.com Toolbar" = Answers.com Toolbar
"Ashampoo WinOptimizer Platinum 3" = Ashampoo WinOptimizer Platinum 3
"Ashampoo WinOptimizer Platinum Suite 2" =
"Asterisk Key" = Asterisk Key
"ATI Display Driver" = ATI Display Driver
"AudioPlugin.dll" =
"AutoSizer" = AutoSizer
"AVG" = AVG 2011
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Belarc Advisor 2.0" = Belarc Advisor 7.0
"BHO Cop" = BHO Cop
"BigFix" = BigFix
"Branding" =
"BugOff" = BugOff 1.10
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"conduitEngine" = Conduit Engine
"Connection Manager" =
"CopyNow.dll" =
"DataPlugin.dll" =
"DBX Backup v.1.1" = DBX Backup v.1.1
"dlatray.exe" =
"DriverAgent.exe" = DriverAgent by eSupport.com
"EndItAll_is1" = EndItAll 2.0
"EscapeClose 1.2" = EscapeClose 1.2
"ESPRX600 Operation Guide" = ESPRX600 Operation Guide
"ESPRX600 Reference Guide" = ESPRX600 Reference Guide
"ESPRX600 Software Guide" = ESPRX600 Software Guide
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FavOrg" = FavOrg
"FinalMediaPlayer_is1" = Final Media Player 2010
"FinePrint" = FinePrint
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Window Registry Repair" = Free Window Registry Repair
"HDCleaner" = HDCleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE New Window Maximizer_is1" = IE New Window Maximizer 2.3
"IE5WA" = Microsoft Internet Explorer 5 Web Accessories
"ie7" = Windows Internet Explorer 7
"InstallShield Uninstall Information" =
"InstallShield_{4025244F-7F7C-4AB8-BF9A-F4A017AE6674}" = InkSaver
"InstallShield_{7CCC6E23-0E35-480B-8F0C-8D06F882D5D3}" = Brother QL-Series User's Guide
"InstallShield_{98E9B724-0E62-4812-B6CC-C6A228BBC562}" = Brother P-touch Address Book 1.0
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"IrfanView" = IrfanView (remove only)
"Karen's Replicator" = Karen's Replicator
"LimeWire" = LimeWire 5.5.8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"MailFrontier Desktop" =
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapNeto_1 Toolbar" = MapNeto 1 Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Interactive Training" =
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MWSnap 3" = MWSnap 3
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSIS_Font_Glancer" = Font Glancer (remove only)
"Panda ActiveScan" = Panda ActiveScan
"Pawn" = Pawn
"Pawn 2" = Pawn 2
"PC Pitstop Driver Alert_is1" = PC Pitstop Driver Alert 1.0
"PCHealth" =
"PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer
"PerformanceTest_is1" = PerformanceTest v4.0
"PIXresizer_is1" = PIXresizer 1.0.8
"PowerDesk4.0" = PowerDesk 4.0
"Privacy Defender 7.0.2" = Privacy Defender 7.0.2 (remove only)
"PROSet" = Intel® PRO Network Connections Drivers
"QClip" = QClip (remove only)
"QWhaleOeTweaker" = OE Tweaker
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer
"RegScrubXP_is1" = RegScrubXP 3.25
"Revo Uninstaller" = Revo Uninstaller 1.89
"Shockwave" =
"SpoofStick for Internet Explorer" = SpoofStick for Internet Explorer 1.01
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"System Security Suite 1.04" = System Security Suite 1.04
"Total Audio Converter_is1" = AudioConverter
"Trogladite Software SendTo_is1" = Trogladite Software SendTo 1.6
"Tweak UI 2.10" = Tweak UI
"TweakUI" = Tweak UI
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"UninstallAbility" = UninstallAbility
"ViewpointMediaPlayer" = Viewpoint Media Player
"VoucherCodes.com Toolbar" = VoucherCodes.com Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinBoard" = WinBoard
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinUpdatesList" = WinUpdatesList
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0cebf57e749488aa" = Infinity Chess Beta
"Exposed" = Exposed !
"Google Chrome" = Google Chrome
"Pawn 3" = Pawn 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/10/2010 17:26:17 | Computer Name = DAVID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 22/10/2010 18:32:09 | Computer Name = DAVID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 22/10/2010 18:32:09 | Computer Name = DAVID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 22/10/2010 19:03:17 | Computer Name = DAVID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 22/10/2010 19:03:17 | Computer Name = DAVID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 22/10/2010 20:06:09 | Computer Name = DAVID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 22/10/2010 20:06:09 | Computer Name = DAVID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 22/10/2010 20:40:17 | Computer Name = DAVID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 22/10/2010 20:40:17 | Computer Name = DAVID | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 22/10/2010 21:01:16 | Computer Name = DAVID | Source = MsiInstaller | ID = 10005
Description = Product: Ask Toolbar -- Error 2753.The File 'taskscheduler.exe' is
not marked for installation.

[ System Events ]
Error - 22/10/2010 06:00:10 | Computer Name = DAVID | Source = Service Control Manager | ID = 7034
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s).

Error - 22/10/2010 06:00:10 | Computer Name = DAVID | Source = Service Control Manager | ID = 7023
Description = The Telephony service terminated with the following error: %%999

Error - 22/10/2010 06:00:10 | Computer Name = DAVID | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%999

Error - 22/10/2010 06:00:10 | Computer Name = DAVID | Source = Service Control Manager | ID = 7023
Description = The Telephony service terminated with the following error: %%999

Error - 22/10/2010 06:00:10 | Computer Name = DAVID | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%999

Error - 22/10/2010 06:00:10 | Computer Name = DAVID | Source = Service Control Manager | ID = 7023
Description = The Background Intelligent Transfer Service service terminated with
the following error: %%999

Error - 22/10/2010 06:00:39 | Computer Name = DAVID | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 22/10/2010 06:05:24 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The srrqwwmm service failed to start due to the following error: %%2

Error - 22/10/2010 06:05:24 | Computer Name = DAVID | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2

Error - 22/10/2010 16:33:53 | Computer Name = DAVID | Source = DCOM | ID = 10010
Description = The server {0006F03A-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

#11 m0le

Posted 23 October 2010 - 05:25 PM

Can you run GooredFix?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#12 Masochist1

Posted 24 October 2010 - 12:43 PM

Hello

Here is the GooredFix log

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:35 on 24/10/2010 (David1)
Firefox version 3.6.4 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:25 17/05/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [12:27 05/07/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [05:36 20/08/2010]

C:\Documents and Settings\David1\Application Data\Mozilla\Firefox\Profiles\tw6rgh1j.default\extensions\
toolbar@ask.com [21:36 21/05/2010]
{20a82645-c095-46ed-80e3-08825760534b} [18:39 27/05/2010]
{CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} [21:58 21/05/2010]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [19:47 24/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:37 16/02/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [12:26 05/07/2010]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox" [18:22 09/10/2010]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG10\Firefox\" [19:11 18/10/2010]
"avg@igeared"="C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared" [08:59 22/10/2010]

---------- Old Logs ----------
GooredFix[17.34.50_24-10-2010].txt

-=E.O.F=-

#13 m0le

Posted 24 October 2010 - 03:58 PM

Okay now back to OTL

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O20 - Winlogon\Notify\d094db2a816: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\d094db2a967: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
@Alternate Data Stream - 88 bytes -> C:\Program Files\ynslupfkwd.tmp:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Program Files\StartupCPL.zip:SummaryInformation
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Now please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#14 Masochist1

Posted 25 October 2010 - 02:06 PM

Hello

Here are the OTL and MBAM logs

As I said in my first post, I have had great problems recently with MBAM, which I suspect are connected with this wretched virus

These problems continue. Having uninstalled my existing copy, I re-installed, using the second of your links (the first one produces nothing more than a MBAM icon) but had exactly the same problem as before. I downloaded, installed but clicking on Finish did not start the program and at no stage was I asked about updating. Clicking on the .exe file did nothing, until I changed its name, then the program opened

Before I forget to ask, is this virus the cause of my problems with the Desktop, where right clicking and send to no longer result in a shortcut (though I can still copy and paste to the Desktop)? I still keep trying right clicking, having done so for so long and, 2 or 3 times, a shortcut has appeared, several WEEKS after I tried to place it! Also, I can no longer use one of the right click options to send a Word document to email

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\d094db2a816\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\d094db2a967\ not found.
Unable to delete ADS C:\Program Files\ynslupfkwd.tmp: SummaryInformation .
Unable to delete ADS C:\Program Files\StartupCPL.zip: SummaryInformation .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 .
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.16.0 log created on 10252010_194156

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

25/10/2010 15:39:38
mbam-log-2010-10-25 (15-39-38).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 230455
Time elapsed: 1 hour(s), 34 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 m0le

Posted 25 October 2010 - 06:25 PM

is this virus the cause of my problems with the Desktop, where right clicking and send to no longer result in a shortcut (though I can still copy and paste to the Desktop)?


Maybe, it's possible that some file associations have been damaged.

The MBAM log shows nothing which means we will go on and continue the clean-up before we look at those problems and decide what to do.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.