
Please Help needed before I go insane


  • This topic is locked
3 replies to this topic

#1 hsherriff

Posted 02 June 2011 - 09:01 AM

Hi, I am new to this forum; my friend suggested that you guys might be able to help me.
I was having problems getting my headset with mic to work; it kept coming up "USB bandwidth exceeded", and it seems that my speakers are using 68%. This was a new issue and I don't even know why it's happening. Anyway, I decided to do an update of my BIOS and graphics card software, which seemed to go OK, but it still didn't solve that problem.
I did other driver and Microsoft updates but still nothing. Then my PC started to go slow and play up, so I did a restore to before I did the updates. The day before didn't work, so I had to do a few days before. I think that worked.

Anyway, after this I started to notice that I was searching in Google, then selecting the site I wanted, and it would redirect me. At the bottom it says hxxp://lakyclktolakylock.com, then it takes me to various websites, and sometimes the gomeo search engine appears. I searched on various websites and forums for help and I have tried various things, including doing scans with Spyware Doc., Malwarebytes, Panda online, Hitman, and I have used ATF Cleaner, RKill and ComboFix. Nothing seems to have worked. I did a DNS flush and I have tried check disk.

I have spent days on this and nothing; this little blighter is still there. I went into my C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 and my C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5. I deleted the files there, but they would not let me delete some files, which were txt files called search with various numbers such as 1 or 2 etc. Even if I delete files there, more just keep popping up even though I don't have IE open; not sure if this is normal or part of the virus. I also found out my hosts file was missing, but I replaced that using HostsXpert and making it read only.

I tried to do another restore today, thought I would try back a few weeks, and guess what: no damn restore points apart from yesterday :wacko::-( I don't know what else to do. My XP disc is scratched; I could get another one, I assume, as I have receipts etc., but I don't really want to do a reinstall.
I have used OTL and I'm posting the two logs. I would be very grateful if you can help get rid of this irritation for me before I go :crazy: THANK YOU
OTL logfile created on: 6/2/2011 9:17:57 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Heather\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.50% Memory free
3.84 Gb Paging File | 2.42 Gb Available in Paging File | 63.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 32.09 Gb Free Space | 11.48% Space Free | Partition Type: NTFS

Computer Name: HOME-821F7BA77E | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 19:24:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe
PRC - [2011/05/19 22:36:09 | 002,084,848 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011/05/19 22:36:06 | 001,449,368 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011/05/17 02:09:38 | 000,623,048 | ---- | M] (Plantronics, Inc.) -- C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe
PRC - [2011/04/27 15:37:02 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\FGuard.exe
PRC - [2011/04/27 15:37:00 | 000,337,872 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/04/08 13:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/01 20:13:01 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011/04/01 20:12:23 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2010/12/21 08:17:10 | 013,130,552 | ---- | M] (VoipCheapCom) -- C:\Program Files\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe
PRC - [2010/09/21 16:59:52 | 001,957,672 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/09/17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
PRC - [2010/09/17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
PRC - [2009/02/11 00:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/10/13 05:17:00 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/02 08:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 08:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/19 11:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 11:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
PRC - [2005/11/30 17:43:00 | 000,058,952 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 19:24:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe
MOD - [2011/02/15 23:33:36 | 000,015,624 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchook32.dll
MOD - [2011/01/11 10:59:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
MOD - [2011/01/11 04:27:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
MOD - [2010/08/24 00:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/02 08:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (BlueSoleil Hid Service)
SRV - [2011/05/19 22:36:09 | 002,084,848 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011/04/27 15:37:00 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/04/08 13:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/04/01 20:13:01 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/02/15 23:33:57 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2011/01/20 13:27:12 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/09/21 16:59:52 | 001,957,672 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/09/17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/04/27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/11 00:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/10/13 05:17:00 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/02 08:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/16 10:03:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/11/30 17:43:00 | 000,058,952 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (gearsec)


========== Driver Services (SafeList) ==========

DRV - [2011/04/13 02:07:49 | 000,307,784 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (Trufos)
DRV - [2011/04/01 20:12:33 | 000,353,096 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2011/04/01 20:12:29 | 000,105,152 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011/03/10 10:06:50 | 000,263,888 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/03/10 09:08:22 | 000,233,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/03/03 23:59:20 | 000,119,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/02/15 23:33:38 | 000,149,520 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (BDFM)
DRV - [2011/01/20 13:27:12 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2011/01/20 13:27:12 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/01/20 13:27:12 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/12/16 07:46:04 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/11/03 04:16:48 | 000,111,696 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/11/03 04:16:42 | 000,126,800 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/06/28 12:55:42 | 000,970,320 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2010/06/28 12:55:36 | 000,633,424 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2010/05/13 17:02:31 | 000,012,960 | ---- | M] (BITDEFENDER LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\bdrawpr.sys -- (BdRawPr)
DRV - [2010/04/02 09:10:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/03 12:21:08 | 004,630,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bdvedisk.sys -- (Bdvedisk)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/11/20 15:46:30 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (ASPI32)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/01 11:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/08/01 11:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/07/26 23:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/04/14 02:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 02:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/02/29 09:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/02/29 09:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 09:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/29 09:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/29 09:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/01/20 15:07:58 | 000,033,292 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/08/15 13:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/06/05 17:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2007/02/03 16:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2007/01/23 22:45:00 | 000,028,176 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/10/19 03:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/08/22 00:40:46 | 000,244,864 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbvm323.sys -- (ZSMC326) Vimicro USB2.0 PC Camera(VC0323)
DRV - [2006/08/08 19:25:40 | 000,476,672 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter323.sys -- (vmfilter323)
DRV - [2006/07/02 04:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/24 18:48:20 | 000,030,728 | ---- | M] (Eugene Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2005/08/18 16:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/01/17 20:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 21:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/11/05 17:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 19:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 19:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 17:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/22 00:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/08/12 16:00:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 04:32:24 | 000,010,880 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\admjoy.sys -- (admjoy)
DRV - [2004/04/13 04:39:16 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2002/08/05 17:17:32 | 000,037,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1370mp.sys -- (ES1370) Creative AudioPCI (ES1370), SB PCI 64/128 (WDM)
DRV - [2001/10/05 20:13:46 | 000,702,080 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adm8830.sys -- (wdm_au8830) Aureal Vortex 8830 Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE D5 18 E7 53 76 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "GoogleCOM"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..keyword.URL: "http://www.ufsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.backup.ftp: "174.142.27.178 "
FF - prefs.js..network.proxy.backup.ftp_port: 8100
FF - prefs.js..network.proxy.backup.gopher: "174.142.27.178 "
FF - prefs.js..network.proxy.backup.gopher_port: 8100
FF - prefs.js..network.proxy.backup.socks: "174.142.27.178 "
FF - prefs.js..network.proxy.backup.socks_port: 8100
FF - prefs.js..network.proxy.backup.ssl: "174.142.27.178 "
FF - prefs.js..network.proxy.backup.ssl_port: 8100
FF - prefs.js..network.proxy.ftp: "174.142.27.183 "
FF - prefs.js..network.proxy.ftp_port: 8100
FF - prefs.js..network.proxy.gopher: "174.142.27.183 "
FF - prefs.js..network.proxy.gopher_port: 8100
FF - prefs.js..network.proxy.http: "174.142.27.183 "
FF - prefs.js..network.proxy.http_port: 8100
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "174.142.27.183 "
FF - prefs.js..network.proxy.socks_port: 8100
FF - prefs.js..network.proxy.ssl: "174.142.27.183 "
FF - prefs.js..network.proxy.ssl_port: 8100
FF - prefs.js..network.proxy.type: 4

FF - user.js..browser.search.selectedEngine: "GoogleCOM"
FF - user.js..keyword.URL: "http://www.ufsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2007/12/04 05:53:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{03876E1C-5DEE-4E07-B25E-0922547A23C5}: C:\Documents and Settings\Heather\Local Settings\Application Data\{03876E1C-5DEE-4E07-B25E-0922547A23C5} [2010/01/08 17:27:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2010/09/07 13:58:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011/05/28 07:44:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/11 02:54:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/26 23:44:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2010/09/07 10:10:44 | 000,000,000 | ---D | M]

[2010/09/26 15:01:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\kgr7cf98.default\extensions
[2009/10/20 10:36:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\kgr7cf98.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/18 15:55:53 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\kgr7cf98.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2008/09/06 03:00:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\kgr7cf98.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/18 16:09:34 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\kgr7cf98.default\extensions\ChoiceGuard@Microsoft
[2008/06/07 01:16:50 | 000,000,000 | ---D | M] (FaviconizeTab) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\kgr7cf98.default\extensions\faviconizetab@espion.just-size.jp
[2008/06/07 01:16:50 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\kgr7cf98.default\extensions\nl-NL@dictionaries.addons.mozilla.org
[2010/05/06 21:05:34 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\kgr7cf98.default\searchplugins\bing.xml
[2009/11/16 17:16:51 | 000,002,169 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\kgr7cf98.default\searchplugins\inbox-search.xml
[2010/10/20 20:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/20 20:49:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/08 17:27:15 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\HEATHER\LOCAL SETTINGS\APPLICATION DATA\{03876E1C-5DEE-4E07-B25E-0922547A23C5}
[2010/03/01 17:26:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/12/04 05:53:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2009/09/12 22:17:21 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009/09/12 22:17:22 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009/09/12 22:17:22 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009/09/12 22:17:23 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009/09/12 22:17:23 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/12/21 21:57:22 | 001,933,312 | ---- | M] (Total Immersion) -- C:\Program Files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
[2008/03/25 02:21:00 | 002,889,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2010/12/09 18:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009/09/12 22:17:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/09/12 22:17:35 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/09/25 08:56:34 | 000,001,351 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009/09/12 22:17:35 | 000,001,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/03/16 19:44:48 | 000,001,307 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-com.xml
[2009/09/12 22:17:35 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/28 19:52:27 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - File not found
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - HKCU..\Run: [VoipCheapCom] C:\Program Files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe (VoipCheapCom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankwest.com.au ([help.ibs] * in Trusted sites)
O15 - HKCU\..Trusted Domains: hotmail.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: live.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: passport.com ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://arcww.vo.llnwd.net/o37/seekr/MCD/Plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Heather\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Heather\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/16 20:02:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 18:39:41 | 000,153,440 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys.upd
[2011/06/01 23:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/06/01 06:32:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/01 00:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/31 23:34:03 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/31 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/05/31 22:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/05/31 22:28:29 | 006,470,464 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Heather\Desktop\HitmanPro35.exe
[2011/05/30 19:25:43 | 091,346,756 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Heather\Desktop\ubcd411.exe
[2011/05/30 19:24:46 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe
[2011/05/30 19:04:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/05/30 19:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/30 19:04:07 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Heather\Desktop\hijackthis.exe
[2011/05/30 18:59:23 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/05/30 17:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/05/30 17:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/28 19:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Musicmatch
[2011/05/28 19:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Musicmatch
[2011/05/28 19:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\Musicmatch
[2011/05/28 19:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Local Settings\Application Data\Musicmatch
[2011/05/28 12:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Local Settings\Application Data\Threat Expert
[2011/05/28 12:13:49 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/05/28 12:13:48 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/05/28 12:13:47 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/05/28 07:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Desktop\HostsXpert
[2011/05/28 07:44:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/05/28 07:44:15 | 002,074,576 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/05/28 07:44:15 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/05/28 07:40:28 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/05/28 07:40:28 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/05/28 07:40:26 | 000,251,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/05/28 07:40:17 | 000,263,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/05/28 07:40:17 | 000,160,576 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/05/28 07:40:03 | 000,233,976 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/05/28 07:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/05/28 07:39:47 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/05/28 07:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/05/28 07:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/05/28 07:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/05/27 18:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\RadioPI_4eEI
[2011/05/25 16:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Desktop\music
[2011/05/25 16:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Desktop\pictures
[2011/05/25 16:33:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/25 14:27:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/25 14:22:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/25 14:22:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/25 14:22:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/25 14:22:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/25 14:19:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/25 14:19:25 | 000,000,000 | ---D | C] -- C:\ComboFix_N
[2011/05/25 14:17:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/25 14:16:37 | 004,293,168 | R--- | C] (Swearware) -- C:\Documents and Settings\Heather\Desktop\ComboFix_N.exe
[2011/05/25 13:54:59 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Heather\Desktop\ATF-Cleaner.exe
[2011/05/24 08:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/23 04:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/22 00:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/22 00:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/22 00:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/05/21 16:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/05/21 15:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/05/21 15:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Local Settings\Application Data\PC_Drivers_Headquarters
[2011/05/21 15:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/05/21 15:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Whiz
[2011/05/21 15:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Whiz
[2011/05/21 15:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\FLEXnet
[2011/05/21 15:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Local Settings\Application Data\Plantronics
[2011/05/21 15:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Plantronics
[2011/05/21 15:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Plantronics
[2011/05/21 15:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2011/05/21 15:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Plantronics
[2011/05/21 13:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011/05/21 13:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/21 13:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/21 13:49:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/05/18 22:41:07 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe
[2011/05/18 21:59:24 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco322040.dll
[2011/05/18 21:59:21 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220140.dll
[2011/05/18 21:59:21 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322060.dll
[2011/05/18 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/05/18 21:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\Kirstens S21
[2011/05/18 21:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Local Settings\Application Data\Kirstens S21
[2011/05/18 21:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kirstens S21
[2011/05/18 21:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Start Menu\Programs\Kirstens S21
[2011/05/18 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kirstens S21
[2011/05/18 21:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/05/16 11:20:00 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/04 08:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2010/11/11 18:15:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Heather\Application Data\pcouffin.sys
[2008/09/23 06:36:30 | 049,489,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\bitdefender_totalsecurity_2008_32b.exe
[2008/05/31 17:49:53 | 015,299,284 | ---- | C] (Sucosoft.com ) -- C:\Program Files\socusoft_dvc.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[8 C:\Documents and Settings\Heather\My Documents\*.tmp files -> C:\Documents and Settings\Heather\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 21:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/02 20:36:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/02 18:39:41 | 000,153,440 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys.upd
[2011/06/02 18:38:44 | 000,306,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys.upd
[2011/06/02 18:10:24 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B6198BC7-E9FF-479A-83BD-328104AA42CA}.job
[2011/06/02 18:07:36 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/02 18:06:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/02 18:03:46 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/02 18:02:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/01 13:35:48 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Heather\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/01 00:47:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/31 23:34:24 | 000,015,398 | ---- | M] () -- C:\Documents and Settings\Heather\My Documents\log.xml
[2011/05/31 23:34:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2011/05/31 22:31:05 | 000,017,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/31 22:31:03 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/05/31 22:30:34 | 006,470,464 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Heather\Desktop\HitmanPro35.exe
[2011/05/31 21:45:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/30 19:25:48 | 091,346,756 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Heather\Desktop\ubcd411.exe
[2011/05/30 19:24:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe
[2011/05/30 19:13:00 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\move_hijackthis.vbs
[2011/05/30 19:12:52 | 000,089,530 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\killbox.zip
[2011/05/30 19:04:26 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\HijackThis.lnk
[2011/05/30 19:04:07 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Heather\Desktop\hijackthis.exe
[2011/05/29 23:12:03 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Second Life Viewer 2.lnk
[2011/05/28 20:32:19 | 090,214,528 | ---- | M] () -- C:\Documents and Settings\Heather\My Documents\party.mp3
[2011/05/28 19:53:20 | 994,599,776 | ---- | M] () -- C:\Documents and Settings\Heather\My Documents\party.wav
[2011/05/28 19:52:27 | 000,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/05/28 19:38:28 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2011/05/28 19:38:28 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Musicmatch JUKEBOX.lnk
[2011/05/28 19:15:52 | 000,072,212 | ---- | M] () -- C:\Documents and Settings\Heather\My Documents\party.mmp
[2011/05/28 07:41:12 | 000,714,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/05/28 07:40:13 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/05/27 18:14:33 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Heather\default.pls
[2011/05/27 01:10:15 | 000,517,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/27 01:10:15 | 000,093,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/26 23:46:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/05/25 14:37:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2011/05/25 14:27:26 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/05/25 14:20:51 | 004,293,168 | R--- | M] (Swearware) -- C:\Documents and Settings\Heather\Desktop\ComboFix_N.exe
[2011/05/25 13:55:00 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Heather\Desktop\ATF-Cleaner.exe
[2011/05/25 13:49:04 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\rkill.exe
[2011/05/25 00:53:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/23 20:49:45 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2011/05/21 20:08:28 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/05/21 18:51:02 | 000,050,590 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\Report.htm
[2011/05/21 16:14:29 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\OddcastV3.lnk
[2011/05/21 13:49:41 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/18 22:54:20 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/18 22:54:20 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/18 22:54:16 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/18 22:10:50 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/18 22:00:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/18 21:48:24 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kirstens S21.lnk
[2011/05/16 11:33:59 | 001,593,130 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\MON0011-1Cover-Standard-PDS-22Oct10.pdf
[2011/05/16 11:20:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/16 11:17:48 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/04 08:56:53 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[8 C:\Documents and Settings\Heather\My Documents\*.tmp files -> C:\Documents and Settings\Heather\My Documents\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2100/02/16 21:09:06 | 000,000,062 | ---- | C] () -- C:\WINDOWS\System32\LXBOUSCI.INI
[2011/06/01 00:47:20 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/31 23:34:23 | 000,015,398 | ---- | C] () -- C:\Documents and Settings\Heather\My Documents\log.xml
[2011/05/31 22:31:04 | 000,017,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/05/31 22:31:03 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/05/30 19:13:00 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\move_hijackthis.vbs
[2011/05/30 19:12:51 | 000,089,530 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\killbox.zip
[2011/05/30 19:04:26 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\HijackThis.lnk
[2011/05/28 20:28:13 | 090,214,528 | ---- | C] () -- C:\Documents and Settings\Heather\My Documents\party.mp3
[2011/05/28 19:38:28 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2011/05/28 19:38:28 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Musicmatch JUKEBOX.lnk
[2011/05/28 19:16:19 | 994,599,776 | ---- | C] () -- C:\Documents and Settings\Heather\My Documents\party.wav
[2011/05/28 19:15:52 | 000,072,212 | ---- | C] () -- C:\Documents and Settings\Heather\My Documents\party.mmp
[2011/05/28 07:44:28 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/05/28 07:44:16 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/05/28 07:44:16 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/05/28 07:44:16 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/05/28 07:44:16 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/05/28 07:40:32 | 000,714,510 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/05/28 07:40:13 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/05/25 14:27:25 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/05/25 14:27:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/25 14:22:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/25 14:22:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/25 14:22:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/25 14:22:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/25 14:22:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/25 13:49:00 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\rkill.exe
[2011/05/23 20:49:45 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2011/05/22 00:45:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/21 18:51:02 | 000,050,590 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\Report.htm
[2011/05/21 13:49:41 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/21 12:48:17 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/18 22:53:29 | 000,003,629 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/05/18 22:41:08 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/05/18 22:41:07 | 000,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2011/05/18 22:00:31 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/18 22:00:31 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/18 22:00:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/18 22:00:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/18 21:48:24 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kirstens S21.lnk
[2011/05/16 11:33:59 | 001,593,130 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\MON0011-1Cover-Standard-PDS-22Oct10.pdf
[2011/05/04 08:56:53 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/04/05 21:27:22 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-5PF2P.exe
[2010/11/11 18:15:46 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\pcouffin.cat
[2010/11/11 18:15:46 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\pcouffin.inf
[2010/11/11 18:10:03 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2010/11/11 18:10:02 | 000,641,021 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2010/11/11 18:10:02 | 000,001,678 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/11/05 19:11:20 | 000,003,018 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/09/07 10:36:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2010/09/07 09:50:26 | 000,071,997 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2010/08/13 08:54:32 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\bdfvconp.ini
[2010/08/01 12:43:23 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Heather\Local Settings\Application Data\fusioncache.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/07/28 00:09:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/07/25 00:35:49 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/07/25 00:35:49 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/07/08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010/04/16 13:32:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\C6501rm.dll
[2010/04/16 13:32:50 | 000,000,162 | ---- | C] () -- C:\WINDOWS\C6501.ini.cfl
[2010/04/16 13:30:45 | 000,004,571 | ---- | C] () -- C:\WINDOWS\C6501.ini.cfg
[2010/04/16 13:30:38 | 000,000,326 | ---- | C] () -- C:\WINDOWS\c6501.ini
[2010/04/16 12:43:58 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/16 10:10:34 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/04/16 10:10:33 | 000,201,875 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/16 10:10:33 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/04/15 11:56:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/04/15 11:56:44 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/04/02 16:41:45 | 000,000,250 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2010/02/13 10:53:36 | 000,043,968 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/23 11:38:32 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\cdr.ini
[2010/01/08 17:27:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xpayadaxuvedidak.bin
[2010/01/08 17:27:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Charuwudehibewav.dat
[2009/12/08 16:54:43 | 000,003,065 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2009/12/06 17:09:03 | 000,486,912 | ---- | C] () -- C:\Program Files\CalcPlus.msi
[2009/09/03 19:24:55 | 000,000,716 | ---- | C] () -- C:\WINDOWS\Calendar.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/07 23:00:59 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\$_hpcst$.hpc
[2009/03/03 02:57:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\VMSnap23.exe
[2009/02/17 00:15:24 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2009/02/17 00:15:22 | 000,081,920 | R--- | C] () -- C:\WINDOWS\VMCap323.exe
[2009/01/01 08:18:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/09/24 21:16:58 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\VideoConverter_sysquict.dat
[2008/07/16 02:43:44 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/06/07 01:28:58 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/06/07 01:10:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/04 20:44:52 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/05/31 17:45:15 | 002,571,785 | ---- | C] () -- C:\Program Files\anyflvplayer_setup.exe
[2008/05/22 16:30:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/05/16 22:24:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini
[2008/05/16 17:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/03/10 19:40:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/03/09 02:14:36 | 000,105,908 | ---- | C] () -- C:\WINDOWS\desctemp.dat
[2008/03/07 00:45:17 | 001,699,323 | ---- | C] () -- C:\Program Files\WL-153_fw1.45.bin
[2008/01/17 04:26:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/01/09 21:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/01/09 21:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/28 17:18:35 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/12/06 05:01:22 | 000,001,030 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/10/23 01:26:21 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/10/23 01:26:21 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/10/23 01:26:21 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/10/23 01:26:21 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/10/23 01:26:21 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/10/23 01:26:21 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/10/23 01:26:21 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/10/23 01:26:21 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/10/23 01:26:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/10/23 01:26:21 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/10/23 01:26:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/10/23 01:26:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/10/23 01:26:21 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/10/23 01:26:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/10/23 01:26:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/10/23 01:26:21 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/10/23 01:26:21 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/10/23 01:26:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/10/23 01:26:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/10/14 01:26:13 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/10/14 01:26:13 | 000,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2007/09/27 02:21:01 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/25 18:21:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/09/25 01:19:38 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Heather\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/19 01:47:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/19 00:30:34 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/09/17 16:41:14 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2007/09/17 16:30:04 | 000,039,986 | ---- | C] () -- C:\Program Files\Adobe_Photoshop_CS3_Extended_Final_Version_Incl_CD_Key.torrent
[2007/09/17 04:06:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2007/09/17 04:06:51 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2007/09/17 04:05:13 | 000,035,132 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2007/09/17 04:04:55 | 000,522,928 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/09/17 04:04:55 | 000,010,840 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dMC Power Pack.dat
[2007/09/17 04:04:02 | 000,011,690 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/17 04:04:02 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\01FE181634.sys
[2007/09/17 03:30:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/17 02:20:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ACMonitor_X84-X85.ini
[2007/09/17 02:19:43 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXBOUSCI.DLL
[2007/09/17 01:36:35 | 034,441,990 | ---- | C] () -- C:\Program Files\Second Life 1-18-2-0 Setup.exe
[2007/09/16 23:32:28 | 000,012,675 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/16 21:46:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/16 21:45:30 | 000,233,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/16 21:33:58 | 000,524,288 | ---- | C] () -- C:\WINDOWS\0603.BIN
[2007/09/16 21:24:53 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/09/16 21:24:53 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/09/16 21:24:51 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2007/09/16 21:24:51 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2007/09/16 20:31:17 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/09/16 20:31:08 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/09/16 20:04:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/09/16 20:00:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/08/15 13:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2005/08/04 03:54:08 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2005/01/19 12:18:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/10/27 06:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/04 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 20:00:00 | 000,517,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 20:00:00 | 000,093,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/20 23:50:14 | 001,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2004/02/02 03:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/08 03:01:50 | 000,166,912 | ---- | C] () -- C:\WINDOWS\System32\Lame_enc.dll
[2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/24 20:40:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll
[2002/09/19 00:40:16 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2002/09/19 00:13:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\lxboBCE.DLL
[2002/09/19 00:13:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\lxboICO.DLL
[2002/06/11 13:34:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\lxbo2kui.dll
[2002/06/11 13:33:54 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\lxbo2kpm.dll
[2002/06/07 17:59:15 | 000,000,193 | ---- | C] () -- C:\WINDOWS\X84-X85_DS.ini
[2001/10/03 18:40:11 | 000,172,095 | ---- | C] () -- C:\WINDOWS\WaitPrintReg.exe
[2001/08/25 00:17:59 | 000,001,369 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2001/05/28 17:26:24 | 000,131,584 | ---- | C] () -- C:\WINDOWS\Ptlic32.exe
[2000/10/24 14:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 14:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

========== LOP Check ==========

[2010/11/03 04:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bdch
[2011/05/31 11:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2007/10/14 01:40:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2007/09/17 02:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/09/02 09:55:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/01 20:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/10/09 12:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2009/09/02 10:04:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/05/26 11:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2009/09/02 10:07:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/09/02 10:09:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2010/04/02 17:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/03/17 19:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloader
[2011/05/21 15:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2008/05/16 22:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/30 02:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\firebird
[2008/03/10 20:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2011/05/31 23:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/12/08 12:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2010/05/31 21:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/05/18 21:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/12/08 12:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2010/05/23 10:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/05/31 21:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/05/31 17:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/05/31 21:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/05/21 15:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Plantronics
[2011/06/02 18:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/21 15:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2008/05/16 22:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/04/11 03:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 15:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/23 10:41:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
[2010/05/23 10:37:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}
[2010/05/23 10:36:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2007/10/08 02:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FBDA53F5-763E-4114-A576-612E9769C133}
[2010/12/07 23:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\AnvSoft
[2011/05/30 14:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Apdo
[2011/05/30 23:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Apecx
[2007/10/06 22:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Atari
[2010/02/20 11:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/09/07 10:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\BitDefender
[2008/01/01 23:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\BitTorrent
[2009/09/02 10:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Canon
[2010/11/18 20:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Canon Easy-WebPrint EX
[2010/04/02 17:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\DAEMON Tools Pro
[2009/09/03 19:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\desksware
[2008/05/22 16:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\EPSON
[2008/07/16 07:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\FileZilla
[2008/03/10 20:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\GlobalSCAPE
[2011/01/09 04:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Imprudence
[2010/12/08 12:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\ImTOO
[2011/05/18 23:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Kirstens S21
[2008/01/17 04:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Leadertech
[2010/04/21 15:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Mobipocket
[2011/05/28 19:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Musicmatch
[2010/05/31 21:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Nokia
[2010/05/31 20:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\PC Suite
[2010/09/07 09:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\QuickScan
[2011/05/07 22:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\SecondLife
[2007/10/08 02:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Seven Zip
[2008/05/31 17:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Socusoft DVD Converter Professional
[2010/09/27 11:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\TeamViewer
[2010/01/10 18:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Total Immersion
[2008/01/28 15:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Uniblue
[2011/06/01 15:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\uTorrent
[2010/09/29 17:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\VoipBuster
[2011/04/29 13:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\VoipCheapCom
[2010/11/11 18:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Vso
[2009/09/03 19:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\WinBatch
[2009/10/20 15:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Windows Live Writer
[2011/06/02 18:03:46 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/06/02 18:10:24 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B6198BC7-E9FF-479A-83BD-328104AA42CA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 183 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F4198F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94D099B2
@Alternate Data Stream - 10 bytes -> C:\WINDOWS\System32\LegitCheckControl.DLL:BDU

< End of report >

OTL Extras logfile created on: 6/2/2011 9:17:57 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Heather\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.50% Memory free
3.84 Gb Paging File | 2.42 Gb Available in Paging File | 63.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 32.09 Gb Free Space | 11.48% Space Free | Partition Type: NTFS

Computer Name: HOME-821F7BA77E | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe" = C:\Program Files\Ratajik Software\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\SecondLife\SecondLife.exe" = C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life -- (Linden Lab)
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster -- (VoipBuster)
"C:\Program Files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe" = C:\Program Files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom -- (VoipCheapCom)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A3343C-028E-62D3-E193-AC15E8508B64}" = Catalyst Control Center Graphics Light
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{063BD2FA-85DE-0A14-F266-7BD869F719BA}" = Catalyst Control Center Graphics Full New
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{0F429FF7-8C47-40D7-AF6F-D8B090233D04}" = Image Data Converter SR
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17DDDFEC-731D-9F62-D673-DD8ED30B5DE5}" = CCC Help Czech
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}" = EPSON PRINT Image Framer Tool
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1C39A44F-C0C0-AEAB-AAB5-E3A2FA9C5C26}" = CCC Help Korean
"{1D440E14-5D84-5EA1-3155-75EC1E00AC63}" = Catalyst Control Center Core Implementation
"{1EF2BA09-F22C-9EFC-399B-B9A0C04D0F9A}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 22
"{2738399E-7AD3-2548-9E7F-7326AAEF5F42}" = ccc-core-preinstall
"{2859B4F6-A570-99C1-56B4-90F415EC266D}" = Catalyst Control Center Graphics Full New
"{2894C259-B270-EFAA-3131-491B261E894A}" = ccc-utility
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2E197FBA-1E75-4596-DAD5-7616FFCB4237}" = CCC Help Finnish
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F1BE41E-6134-C8BE-4259-700FA39F9AB2}" = CCC Help Japanese
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E3410B6-4FEB-4751-605F-B9EFCB5506B3}" = Catalyst Control Center Localization All
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4367BF53-8748-4122-8516-85E4375925AF}" = MixMeister CD-R Drivers
"{4386EE8E-E1D1-DA5A-F5E6-3350E5A41615}" = CCC Help Russian
"{43F9E7CC-0846-2A58-2A2A-9B2CF5F5F308}" = CCC Help German
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6B1116-E9C1-4480-41B5-35290C1EFD3B}" = ccc-core-preinstall
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{55C2B796-31E5-99AA-977C-BA3C06879366}" = CCC Help Chinese Standard
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{63D3D3FE-1F4A-91FD-AF6D-5E93CE60C411}" = CCC Help Dutch
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C2567E1-B1EB-90B7-6E58-E0728ED09B21}" = CCC Help Turkish
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D3E8703-863A-FF33-BFE2-723EB918D20D}" = Catalyst Control Center Graphics Previews Common
"{6E07B4EB-470B-394A-6603-2127288831A5}" = CCC Help Portuguese
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77C80DAB-4C40-ACD2-E645-FD3E1F05EA90}" = CCC Help English
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{78B51FD5-DA3F-4B48-8F3F-4E4068F25D89}_is1" = Conquer Online 2.0
"{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}" = NVDVD
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CC5A41-2A5B-4C7A-A0E1-8ADF1A7ED376}" = Kirstens S21 2.7.8.7
"{88C9863E-5495-4D66-8B00-2644E95837C0}" = MapSonic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ACD8758-3893-AAE3-4CE2-ACBC8B87B5BB}" = ccc-utility
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8CDC6F30-D19B-1800-515A-88794F4259AC}" = CCC Help Spanish
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{97C40AD5-0859-9A9C-4D2F-AFED705AC231}" = ATI Problem Report Wizard
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F62B4D1-4070-4F7F-B032-8DFC08B80BFB}" = Plantronics Software
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1CAB1ED-0B82-BF22-E716-B3671CA0D275}" = Catalyst Control Center HydraVision Full
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B90FDADD-161A-C3E4-B9BD-CC5A74897883}" = CCC Help Hungarian
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BAD2F613-2902-4978-3F38-D0B09B41504D}" = CCC Help Danish
"{BD34D9AE-B9FD-2D20-85A0-3D2C9B5C64CF}" = CCC Help French
"{BE6F412F-C276-4FD8-B3E1-F996CC172776}" = WD Spindown or Stop Utility for External Drive, v1.00
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1DB7981-3ECA-FFFB-A015-7742243A9773}" = CCC Help English
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C994D98C-293D-4825-958E-EB684B4D413F}" = MSN Toolbar
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}" = BitDefender Total Security 2011
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D1E44702-21F5-4918-B8A3-6D126D5BD33C}" = Windows Messenger 5.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D7736EE8-AFCE-4735-BBE3-652CDFBBFCA8}_is1" = Imprudence Viewer 1.3.0
"{DA4CB999-9002-947C-4EDD-3BC523197F33}" = CCC Help Greek
"{DAE507C4-7E9E-B204-531C-A9306522D7A9}" = Catalyst Control Center Graphics Full Existing
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{DD58AC0F-CE28-B5EA-72C4-08CE056A77EA}" = Catalyst Control Center HydraVision Full
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E015C888-7269-AA4A-6040-5A2E23132898}" = ATI AVIVO Codecs
"{E06915CC-0427-9977-1566-EBD8BC532AE0}" = Catalyst Control Center Graphics Light
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6FD9B00-0A52-D152-2A66-16A6BB81E5AC}" = CCC Help Italian
"{E77774EC-8CCA-4160-9FD6-58D295D47530}" = MixMeister Pro 6 Demo
"{E7F6E774-8311-42EC-B532-5789C4A1870F}" = BigPond Media Downloader
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E9C51A7B-26A8-7463-791F-40B50F3848A1}" = Skins
"{EBC7A257-40DC-9C47-AEE0-222FB7F2E357}" = CCC Help Polish
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0949359-3DA7-52EF-50E6-FDD6B9491E2D}" = Catalyst Control Center Graphics Previews Common
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}" = Catalyst Control Center InstallProxy
"{F1E906E7-1120-428D-A124-4938C306427E}" = Palm Desktop
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5E55414-6921-858A-523D-EC8FC1464F05}" = CCC Help Swedish
"{F67CCC08-C544-A440-A47A-D60A25118CD1}" = Catalyst Control Center Core Implementation
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F84E5359-245D-88EC-5F12-86E3C4556035}" = CCC Help Thai
"{F9F0E7CC-AEC9-D92B-B0EF-8D1E34BB8DBE}" = CCC Help Norwegian
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Ultra Edition
"{FCAFE901-11AC-AC84-FDAB-E9D9CCF697D8}" = Catalyst Control Center Graphics Full Existing
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7art gravity_clock Screensaver_is1" = 7art gravity_clock © 2009 by 7art-screensavers.com
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"A123 AVI MPEG WMV ASF MOV MP4 FLV DVD Converter_is1" = A123 AVI MPEG WMV ASF MOV MP4 FLV DVD Converter 5.9
"AC3Filter" = AC3Filter (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Any FLV Player" = Any FLV Player 2.0.1
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.7
"Audacity_is1" = Audacity 1.2.6
"AVIConverter" = AVIConverter 5.1.1
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BitDefender" = BitDefender Total Security 2011
"BitTorrent" = BitTorrent 5.0.9
"Blaze Media Pro" = Blaze Media Pro
"Boilsoft ASF Converter_is1" = Boilsoft ASF Converter 2.68
"Browser Defender_is1" = Browser Defender 3.0
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"Desktop iCalendar Lite_is1" = Desktop iCalendar Lite 1.1.0
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"DiscRipper_is1" = Nuclear Coffee - DiscRipper
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"dMC Power Pack" = dMC Power Pack
"DriverAgent.exe" = DriverAgent by eSupport.com
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD-CLONER V2.35_is1" = DVD-CLONER V2.35
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio_is1" = FL Studio v7.0
"Fraps" = Fraps (remove only)
"Generic 6501 Sound" = C-Media 6501 Sound
"GoFTP_is1" = GoFTP v2
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"Ideal DVD Copy_is1" = Ideal DVD Copy V3.2.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImTOO DVD Ripper Ultimate 5" = ImTOO DVD Ripper Ultimate
"ImTOO Video Converter Ultimate 6" = ImTOO Video Converter Ultimate 6
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"LrcEdit_is1" = LrcEdit 1.0
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixMeister Fusion + Video 7.1.1_is1" = MixMeister Fusion + Video 7.1.1
"mmfvsetup_is1" = MixMeister Fusion + Video 7.0.5
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"oggcodecs" = oggcodecs 0.71.0946
"Panda ActiveScan" = Panda ActiveScan
"PC Wizard 2007_is1" = PC Wizard 2007.1.73
"PCDJRedMobile" = PCDJ Red Mobile (remove only)
"Picasa 3" = Picasa 3
"PingPlotter Standard" = PingPlotter Standard 3.30.0s
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer
"SAM3" = SAM Broadcaster (remove only)
"SecondLife" = SecondLife (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SHOUTcast" = SHOUTcast DNAS Server v2
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"Socusoft DVD Converter Professional_is1" = Socusoft DVD Converter Professional 3.5.9
"Spyware Doctor" = Spyware Doctor
"StationRipper" = StationRipper 2.84
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"uTorrent" = µTorrent
"VideoEdit Converter Pro" = VideoEdit Converter Pro
"Virtual Audio Cable 4.01" = Virtual Audio Cable 4.01
"VoipBuster_is1" = VoipBuster
"VoipCheapCom_is1" = VoipCheapCom
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMPG Video Convert 3.1" = WinMPG Video Convert 3.1
"WinMPG VideoConvert_is1" = WinMPG VideoConvert 9.1.7.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"WYSIWYG_Web_Builder_5" = WYSIWYG Web Builder 5.0
"XviD & MP3 Codec Pack_is1" = XviD & MP3 Codec Pack (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"abba4f9459587ec5" = METAbolt
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2011 7:55:43 AM | Computer Name = HOME-821F7BA77E | Source = Application Error | ID = 1000
Description = Faulting application oddcastv3standalone.exe, version 0.0.0.0, faulting
module oddcastv3standalone.exe, version 0.0.0.0, fault address 0x00005d61.

Error - 5/28/2011 12:00:46 AM | Computer Name = HOME-821F7BA77E | Source = Application Hang | ID = 1002
Description = Hanging application pctsGui.exe, version 8.0.0.653, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/28/2011 6:18:26 AM | Computer Name = HOME-821F7BA77E | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 9.0.0.3250, faulting module
mcmpgdec.dll, version 2.0.3375.0, fault address 0x000015be.

Error - 5/30/2011 6:53:39 AM | Computer Name = HOME-821F7BA77E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2011 6:53:39 AM | Computer Name = HOME-821F7BA77E | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/30/2011 11:28:49 AM | Computer Name = HOME-821F7BA77E | Source = FirebirdGuardianDefaultInstance | ID = 212
Description =

Error - 5/31/2011 11:08:49 AM | Computer Name = HOME-821F7BA77E | Source = Application Error | ID = 1000
Description = Faulting application hitmanpro35.exe, version 3.5.8.121, faulting
module hitmanpro35.exe, version 3.5.8.121, fault address 0x00171d38.

Error - 5/31/2011 12:35:47 PM | Computer Name = HOME-821F7BA77E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 6/1/2011 1:14:49 AM | Computer Name = HOME-821F7BA77E | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x05489290.

Error - 6/1/2011 1:33:38 AM | Computer Name = HOME-821F7BA77E | Source = Application Error | ID = 1001
Description = Fault bucket 1811075836.

[ System Events ]
Error - 6/2/2011 6:09:40 AM | Computer Name = HOME-821F7BA77E | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 6/2/2011 6:10:16 AM | Computer Name = HOME-821F7BA77E | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 6/2/2011 6:10:16 AM | Computer Name = HOME-821F7BA77E | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 6/2/2011 6:10:16 AM | Computer Name = HOME-821F7BA77E | Source = Service Control Manager | ID = 7000
Description = The LVPr2Mon Driver service failed to start due to the following error:
%%87

Error - 6/2/2011 6:10:16 AM | Computer Name = HOME-821F7BA77E | Source = Service Control Manager | ID = 7000
Description = The LVPr2Mon Driver service failed to start due to the following error:
%%87

Error - 6/2/2011 6:10:16 AM | Computer Name = HOME-821F7BA77E | Source = Service Control Manager | ID = 7000
Description = The LVPr2Mon Driver service failed to start due to the following error:
%%87

Error - 6/2/2011 6:10:16 AM | Computer Name = HOME-821F7BA77E | Source = Service Control Manager | ID = 7000
Description = The LVPr2Mon Driver service failed to start due to the following error:
%%87

Error - 6/2/2011 6:10:16 AM | Computer Name = HOME-821F7BA77E | Source = Service Control Manager | ID = 7000
Description = The LVPr2Mon Driver service failed to start due to the following error:
%%87

Error - 6/2/2011 6:10:16 AM | Computer Name = HOME-821F7BA77E | Source = Service Control Manager | ID = 7000
Description = The LVPr2Mon Driver service failed to start due to the following error:
%%87

Error - 6/2/2011 6:10:16 AM | Computer Name = HOME-821F7BA77E | Source = Service Control Manager | ID = 7023
Description = The Process Monitor service terminated with the following error: %%110


< End of report >

Anyone any ideas. I still cannot fix this virus.. Thanks

EDIT: Please be patient. There are over 320 unanswered topics in this forum at present and the current average wait time to receive help is 10 days. ~Budapest

Thanks Budapest I see there are a lot of people with a lot of issues.. I am happy to wait.. thanks

Edited by Budapest, 07 June 2011 - 04:09 PM.
Moved from AII to MRL. (deactivated live link.--ST)




#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:02:01 PM

Posted 09 June 2011 - 08:09 PM

Hello hsherriff and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Quote: "I have used atf cleaner, rkill, combofix. nothing seems to have worked. I did a dns flush and I have tried check disk."

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

With that being said, please do the following:

-------------

Please do the following:

  • Download DDS by sUBs from one of the following links. Save it to your Desktop.
    NOTE: Before scanning, make sure all other running programs are closed
    There shouldn't be any scheduled antivirus scans running while the scan is being performed.
    Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.

-------------

Please download HijackThis from here.

Save it to a permanent folder (such as C:\HJT).

Next, open HijackThis, and select Do a system scan and save a logfile.

A Notepad document will open. Please post the contents of that document.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • DDS log
  • HijackThis log
  • Security Check checkup.txt

How is your computer running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 D-FRED-BROWN


Posted 18 June 2011 - 09:38 PM

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them. :wink:
If not, please let me know so I can close this topic.

-DFB

#4 D-FRED-BROWN


Posted 25 June 2011 - 10:39 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



