
XP home sp3 hangs on startup (Hijack this log) (Novice first post)


  • This topic is locked
6 replies to this topic

#1 gorselands

Posted 04 July 2011 - 01:09 PM

If anyone out there can help I'd be most grateful. I have had this start up problem for months and would dearly like to sort it. But I am a relative novice who's done what he can.

Many thanks

Mike



Problem: XP home sp3 hangs on startup – Initially cursor froze, desktop or opening first program. Now only black screen. Have to reboot several times. Twice pc has rebooted itself. Can now only boot in safe mode but after running for a while can, on occasions, restart normally and everything works fine. Just powered down now and restarted normally and all ok. Sometimes have to reboot six or seven times. Now only start in SM. Maybe it is a virus, reg error or component failure but it's like my old car, once it starts it will run all day.

Had problem for months now and tested as much as I know how to:
Ran sys restore, max 3 months back, did not help. But had problem then.
Ran Avast, Malwarebytes, Spybot, Adaware, Combofix, Dr. Webcureit. No reported problems.
Msconfig – disabled all startup progs other than Avast and NvCpl, Rundll.32.exe (Nvidia)
Chkdsk – No errors
Diskmgmt – all drives healthy NTFS (recovery Fat32)
eventvwr.msc /s Only error showing is DCOM code 10005 – It doesn’t run in safe mode
Ran memtest for a few hours 100% +++++ - 0 errors
The video card tester ran for a few hours well over 100% + Results not clear as it just said 'benchmark 44' which is pretty meaningless on its own. Just didn't wobble or crash which I assumed indicated it was ok.

Windows XP Home Edition Service Pack 3 (build 2600).
2.67 gigahertz Intel Pentium 4
8 kilobyte primary memory cache
512 kilobyte secondary memory cache
Not hyper-threaded
120.02 Gigabytes Usable Hard Drive Capacity
73.42 Gigabytes Hard Drive Free Space
1280 Megabytes Usable Installed Memory
NVIDIA GeForce4 Ti 4200 with AGP8X [Display adapter]
Avance AC'97 Audio
MEDION (7134) WDM Video Capture
MPU-401 Compatible MIDI Device
System Type X86-based PC
Processor x86 Family 15 Model 2 Stepping 7 GenuineIntel ~2672 Mhz
BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 11/09/2002
SMBIOS Version 2.3
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:52:39, on 04/07/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {725E17C7-2B9A-42BA-AAE2-754FA08120BD} - http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184350293437
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Google Update Service (gupdate1c99cbc9598d258) (gupdate1c99cbc9598d258) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\sfus.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 9300 bytes

Edited by hamluis, 04 July 2011 - 02:27 PM.
Moved from XP to Malware Removal Logs.



#2 Blade

Posted 19 July 2011 - 08:44 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :)
***************************************************

Honestly. . . I doubt this is malware. However, let's give it a look.

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Push the Posted Image button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.
In your next reply, please include the following:
OTL.txt
Extras.txt


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 gorselands

Posted 20 July 2011 - 05:56 AM

Hi Blade,

Thanks very much for taking the time to reply. No, now I also don't think it is malware, as I have run most checkers. Could be the registry or some form of intermittent component failure. I went on msconfig and enabled all services. There has been some improvement on normal startup and I thought it was fixed, but after a couple of boots it has started freezing again, generally the cursor when I start first program - usually email or Mozilla Firefox. After starting in safe mode and running PC for an hour or so restart is ok and PC works fine until the next time. This morning I let the router power up, then booted PC and left it for a while for avast to update, spamfighter to load etc. When the taskmanager showed CPU down to 2/4% started Outlook Express and everything is fine. On startup CPU is often hitting the 100% until everything has loaded and I don't know if this is normal. It's as if the PC has too much to do on startup and gives up the ghost at times.


Had to check another circle that wasn't in default and run again to get the extras to come up in OTL. Hope this is OK. Again, many thanks.

Mike

Two logs attached

OTL logfile created on: 20/07/2011 10:58:10 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Michael Woolf\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 48.76% Memory free
2.36 Gb Paging File | 1.90 Gb Available in Paging File | 80.65% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 16.38 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
Drive D: | 46.87 Gb Total Space | 44.57 Gb Free Space | 95.10% Space Free | Partition Type: NTFS
Drive E: | 9.02 Gb Total Space | 5.98 Gb Free Space | 66.26% Space Free | Partition Type: FAT32

Computer Name: NEWPC | User Name: Michael Woolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 10:03:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Woolf\My Documents\Downloads\OTL.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/29 09:17:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/11/12 10:31:52 | 001,145,992 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\FighterSuiteService.exe
PRC - [2010/11/12 10:31:30 | 000,214,664 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\sfus.exe
PRC - [2010/11/12 10:31:25 | 000,821,384 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\sfagent.exe
PRC - [2009/09/28 20:34:20 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/28 20:34:14 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/05/14 13:42:19 | 004,368,952 | ---- | M] (Prevx) -- C:\Program Files\PrevxCSI\prevxcsi.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/10/12 09:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/08/03 16:09:34 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/08/02 14:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/20 10:03:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Woolf\My Documents\Downloads\OTL.exe
MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/07/04 12:43:48 | 000,682,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswAux.dll
MOD - [2011/07/04 12:43:48 | 000,313,080 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MOD - [2011/07/04 12:43:48 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2011/07/04 12:43:48 | 000,162,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MOD - [2011/07/04 12:43:48 | 000,046,328 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MOD - [2011/07/04 12:43:47 | 000,095,232 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MOD - [2011/07/04 12:43:45 | 000,182,776 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashBase.dll
MOD - [2011/07/04 12:43:45 | 000,150,352 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\ashTask.dll
MOD - [2011/07/04 12:43:44 | 000,105,520 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AhAScr.dll
MOD - [2011/07/04 12:43:42 | 000,311,544 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Aavm4h.dll
MOD - [2011/07/04 12:43:42 | 000,070,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AavmRpch.dll
MOD - [2011/04/18 22:51:18 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
MOD - [2011/04/18 22:51:18 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2011/03/04 07:37:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vbscript.dll
MOD - [2010/11/20 13:23:44 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\fastprox.dll
MOD - [2008/04/14 01:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 01:12:09 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiutils.dll
MOD - [2008/04/14 01:12:08 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemcomn.dll
MOD - [2008/04/14 01:12:08 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemdisp.dll
MOD - [2008/04/14 01:12:08 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemsvc.dll
MOD - [2008/04/14 01:12:08 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wbemprox.dll
MOD - [2008/04/14 01:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sxs.dll
MOD - [2008/04/14 01:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/12 10:31:52 | 001,145,992 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2010/11/12 10:31:30 | 000,214,664 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\sfus.exe -- (SPAMfighter Update Service)
SRV - [2010/07/12 09:55:38 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/28 20:34:20 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/05/14 13:42:19 | 004,368,952 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\PrevxCSI\prevxcsi.exe -- (CSIScanner)
SRV - [2008/02/01 12:55:56 | 000,948,616 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/02/01 12:55:54 | 000,747,912 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2007/10/30 20:51:44 | 000,492,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/10/30 20:07:38 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/10/12 09:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/08/03 16:09:34 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/08/02 14:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/02 14:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/12/23 12:45:22 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2009/09/28 20:34:46 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/05/14 13:42:19 | 000,027,656 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2009/05/14 13:42:19 | 000,022,024 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2008/08/11 13:40:58 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:40:58 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/18 19:45:28 | 000,134,912 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2008/04/13 19:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmlane.sys -- (AtmLane)
DRV - [2008/04/13 19:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmlane.sys -- (AtmElan)
DRV - [2008/04/13 19:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 12:12:33 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/04/13 12:12:33 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 12:12:23 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/04/13 12:12:02 | 000,368,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/02/01 12:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2007/12/10 14:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/12/10 14:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007/09/07 14:43:56 | 000,006,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2007/07/30 22:25:04 | 000,198,144 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2007/06/27 19:44:12 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (pivot)
DRV - [2007/06/27 19:44:10 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2005/03/14 06:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2003/02/18 06:31:50 | 000,276,450 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gwausb.sys -- (wanusb)
DRV - [2002/10/06 10:24:33 | 000,028,164 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/09/06 03:41:20 | 000,667,543 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/07/29 13:15:26 | 000,024,288 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2002/07/29 13:14:00 | 000,424,704 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) MEDION (7134)
DRV - [2002/07/01 15:10:40 | 000,638,366 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctxs51.sys -- (Intels51)
DRV - [2002/04/19 02:15:46 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/16 07:52:04 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/08/18 13:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atmuni.sys -- (Atmuni)
DRV - [2001/08/18 13:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rawwan.sys -- (Rawwan)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.co.uk
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.co.uk
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/20 13:23:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/15 18:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 10:10:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/29 09:17:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 09:17:37 | 000,000,000 | ---D | M]

[2008/12/21 23:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Woolf\Application Data\Mozilla\Extensions
[2011/06/29 11:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Woolf\Application Data\Mozilla\Firefox\Profiles\o2okzzh1.default\extensions
[2005/02/21 20:46:01 | 000,000,000 | ---D | M] (ForecastFox) -- C:\Documents and Settings\Michael Woolf\Application Data\Mozilla\Firefox\Profiles\o2okzzh1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008/05/08 08:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Woolf\Application Data\Mozilla\Firefox\Profiles\o2okzzh1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2005/02/16 11:43:36 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Michael Woolf\Application Data\Mozilla\Firefox\Profiles\o2okzzh1.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/03/11 21:26:08 | 000,000,000 | ---D | M] (PRGoogleBar) -- C:\Documents and Settings\Michael Woolf\Application Data\Mozilla\Firefox\Profiles\o2okzzh1.default\extensions\{ab6600f1-361e-489f-bb6e-f8305300e4f6}
[2008/05/08 08:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Woolf\Application Data\Mozilla\Firefox\Profiles\o2okzzh1.default\extensions\TEMP
[2010/05/26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\Application Data\Mozilla\Firefox\Profiles\o2okzzh1.default\searchplugins\askcom.xml
[2011/07/19 10:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/21 11:51:07 | 000,001,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/04 17:45:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [sfagent] C:\Program Files\Fighters\sfagent.exe (SPAMfighter ApS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3604470327-3848448594-3852255402-1006\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184350293437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} http://toolbar.google.com/data/GoogleActivate.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37629.396099537 (Reg Error: Key error.)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael Woolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael Woolf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/05 22:22:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 11:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Woolf\My Documents\Cache
[2011/07/04 23:54:20 | 001,434,112 | ---- | C] (Lavalys, Inc.) -- C:\Documents and Settings\Michael Woolf\Desktop\everest.bin
[2011/07/04 23:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Woolf\Desktop\Language
[2011/06/30 19:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/30 19:58:23 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/30 19:58:23 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/30 19:58:21 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/30 19:58:20 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/30 19:58:20 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/30 19:58:19 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/30 19:58:19 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/30 19:58:19 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/30 19:57:54 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/30 19:57:54 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/30 15:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/30 15:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Woolf\Start Menu\Programs\HiJackThis
[2011/06/26 12:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/06/26 12:37:29 | 008,613,040 | ---- | C] (Mozilla) -- C:\Documents and Settings\Michael Woolf\Desktop\FirefoxSetup3.6.17.exe
[2011/06/26 12:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Woolf\My Documents\startupCache
[2011/06/26 12:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/06/26 12:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\ErrorEND fix by mw
[2011/06/21 11:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Woolf\Start Menu\Programs\Cooliris
[2011/06/21 11:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Woolf\Local Settings\Application Data\Cooliris
[2011/06/20 22:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2 C:\Documents and Settings\Michael Woolf\Desktop\*.tmp files -> C:\Documents and Settings\Michael Woolf\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/20 10:59:42 | 000,859,392 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\cookies.sqlite-wal
[2011/07/20 10:59:31 | 002,593,206 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\XPC.mfl
[2011/07/20 10:59:22 | 000,011,263 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\blocklist.xml
[2011/07/20 10:57:10 | 005,297,730 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\sessionstore.js
[2011/07/20 10:53:10 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\places.sqlite
[2011/07/20 10:53:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\places.sqlite-journal
[2011/07/20 10:37:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/20 10:19:28 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\Desktop\Shortcut to OTL.exe.lnk
[2011/07/20 10:07:52 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\downloads.sqlite
[2011/07/20 10:07:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3604470327-3848448594-3852255402-1006.job
[2011/07/20 10:07:45 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3604470327-3848448594-3852255402-1006.job
[2011/07/20 10:07:44 | 000,011,092 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\pluginreg.dat
[2011/07/20 10:05:59 | 000,019,427 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\localstore.rdf
[2011/07/20 10:05:49 | 002,243,176 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\XUL.mfl
[2011/07/20 09:59:21 | 000,055,475 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\prefs.js
[2011/07/20 09:59:19 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\cookies.sqlite-shm
[2011/07/20 09:59:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\parent.lock
[2011/07/20 09:55:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/20 09:54:38 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/20 09:54:23 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/20 09:54:17 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/20 09:54:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/20 09:54:02 | 1341,706,240 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/19 20:09:09 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\content-prefs.sqlite
[2011/07/19 20:09:07 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\cookies.sqlite
[2011/07/19 20:09:06 | 047,185,920 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\urlclassifier3.sqlite
[2011/07/19 20:09:06 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\cert8.db
[2011/07/19 20:09:06 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\key3.db
[2011/07/19 20:09:04 | 006,334,567 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\sessionstore.bak
[2011/07/19 20:09:03 | 000,017,746 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\wrcRatingStorage.json
[2011/07/19 11:10:55 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\formhistory.sqlite
[2011/07/19 10:16:24 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/18 17:50:40 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\webappsstore.sqlite
[2011/07/18 15:06:42 | 000,000,256 | -HS- | M] () -- C:\boot.ini
[2011/07/14 08:35:28 | 000,455,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 12:15:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/06 10:15:15 | 000,190,818 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\compreg.dat
[2011/07/06 10:15:11 | 000,108,590 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\xpti.dat
[2011/07/06 10:15:08 | 000,010,567 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\extensions.rdf
[2011/07/06 10:15:08 | 000,001,198 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\extensions.cache
[2011/07/06 10:15:08 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\extensions.ini
[2011/07/06 10:10:48 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/05 12:16:47 | 000,343,264 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/05 12:16:47 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/04 19:33:51 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\Desktop\Microsoft Word.lnk
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 12:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/07/04 09:48:54 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\Desktop\HiJackThis.lnk
[2011/06/30 20:36:33 | 000,013,693 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\search.json
[2011/06/30 19:58:24 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/30 15:45:48 | 000,007,216 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\mimeTypes.rdf
[2011/06/30 15:32:37 | 008,474,497 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\sessionstore-6.js
[2011/06/30 15:09:50 | 008,474,457 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\sessionstore-5.js
[2011/06/29 11:44:22 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\Desktop\cc_20110629_114417.reg
[2011/06/29 11:43:51 | 000,010,716 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\Desktop\cc_20110629_114345.reg
[2011/06/29 11:41:32 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/29 09:17:43 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\compatibility.ini
[2011/06/28 14:55:35 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/26 12:39:07 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\signons.sqlite
[2011/06/26 12:39:00 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\search.sqlite
[2011/06/26 12:38:25 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/26 12:38:25 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/26 12:37:58 | 000,906,240 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\permissions.sqlite
[2011/06/26 12:37:40 | 008,613,040 | ---- | M] (Mozilla) -- C:\Documents and Settings\Michael Woolf\Desktop\FirefoxSetup3.6.17.exe
[2011/06/26 12:18:00 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\Desktop\cc_20110626_121755.reg
[2011/06/26 12:17:28 | 000,013,746 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\Desktop\cc_20110626_121721.reg
[2011/06/26 12:09:08 | 000,393,216 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\extensions.sqlite
[2011/06/26 12:02:01 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2011/06/26 11:24:49 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\addons.sqlite
[2011/06/26 11:24:49 | 000,229,944 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\addons.sqlite-journal
[2011/06/26 11:18:57 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Michael Woolf\My Documents\chromeappsstore.sqlite
[2011/06/20 22:39:32 | 000,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2 C:\Documents and Settings\Michael Woolf\Desktop\*.tmp files -> C:\Documents and Settings\Michael Woolf\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/20 10:56:59 | 005,297,730 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\sessionstore.js
[2011/07/20 10:19:28 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\Shortcut to OTL.exe.lnk
[2011/07/20 10:05:59 | 000,019,427 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\localstore.rdf
[2011/07/20 09:59:21 | 000,055,475 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\prefs.js
[2011/07/20 09:59:19 | 000,859,392 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\cookies.sqlite-wal
[2011/07/20 09:59:19 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\cookies.sqlite-shm
[2011/07/20 09:59:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\parent.lock
[2011/07/19 10:18:14 | 1341,706,240 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/18 15:05:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\places.sqlite-journal
[2011/07/06 10:15:08 | 000,010,567 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\extensions.rdf
[2011/07/06 10:15:08 | 000,001,198 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\extensions.cache
[2011/07/06 10:15:08 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\extensions.ini
[2011/07/04 23:54:21 | 000,011,324 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\kerneld.w9x
[2011/07/04 23:54:21 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\kerneld.wnt
[2011/07/04 23:54:20 | 001,067,681 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest.chm
[2011/07/04 23:54:20 | 000,408,066 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest.dat
[2011/07/04 23:54:20 | 000,187,904 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest_cpl.cpl
[2011/07/04 23:54:20 | 000,177,152 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest_xpicons.dll
[2011/07/04 23:54:20 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest_icons.dll
[2011/07/04 23:54:20 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest_zipdll.dll
[2011/07/04 23:54:20 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest.exe
[2011/07/04 23:54:20 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest_memlat.dll
[2011/07/04 23:54:20 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\kerneld.ia64
[2011/07/04 23:54:20 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\kerneld.amd64
[2011/07/04 23:54:20 | 000,005,220 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest.web
[2011/07/04 23:54:20 | 000,002,502 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\everest.mem
[2011/06/30 19:58:24 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/30 15:46:40 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\HiJackThis.lnk
[2011/06/30 15:45:48 | 000,007,216 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\mimeTypes.rdf
[2011/06/30 15:32:35 | 008,474,497 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\sessionstore-6.js
[2011/06/30 15:09:49 | 008,474,457 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\sessionstore-5.js
[2011/06/29 11:44:20 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\cc_20110629_114417.reg
[2011/06/29 11:43:48 | 000,010,716 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\cc_20110629_114345.reg
[2011/06/28 14:55:35 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/28 14:55:35 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/06/26 12:38:32 | 002,593,206 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\XPC.mfl
[2011/06/26 12:17:58 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\cc_20110626_121755.reg
[2011/06/26 12:17:24 | 000,013,746 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Desktop\cc_20110626_121721.reg
[2011/06/26 12:02:00 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\ErrorEND.job
[2011/06/26 11:55:41 | 000,011,092 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\pluginreg.dat
[2011/06/26 11:24:47 | 000,229,944 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\addons.sqlite-journal
[2011/06/23 18:05:15 | 002,243,176 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\My Documents\XUL.mfl
[2011/06/20 22:39:32 | 000,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/03/06 15:28:13 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/03/02 20:12:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/02 20:12:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/02 20:12:08 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/02 20:12:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/02 20:12:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/09 14:34:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2010/03/09 14:33:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\ImageServerMI.dll
[2010/03/09 14:33:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ImportClient.dll
[2009/12/21 23:21:25 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/12/21 17:04:04 | 000,000,228 | ---- | C] () -- C:\WINDOWS\System32\edacded0.dat
[2009/07/20 17:47:40 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/19 10:16:25 | 000,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/05/04 12:20:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/16 17:48:52 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/04 17:40:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/04/27 12:08:36 | 000,001,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/29 00:29:36 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/11/08 18:52:30 | 000,007,432 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/11/07 11:49:02 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\miniPortKey.dat
[2007/11/07 11:45:39 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\WINKRNME.DLL
[2007/09/12 10:19:56 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/02/28 17:37:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Application Data\.googlewebacchosts
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 13:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/17 11:13:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2006/10/17 11:13:29 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\dslagent.exe
[2006/10/17 11:13:29 | 000,014,129 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2006/08/11 13:07:22 | 000,101,224 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2005/09/05 22:22:27 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\RunSetup.exe
[2005/02/16 11:43:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/02/16 11:43:24 | 000,099,970 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/02/16 11:42:29 | 000,004,386 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/01/07 13:59:03 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/08/24 11:20:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/04/05 18:05:41 | 000,000,295 | ---- | C] () -- C:\WINDOWS\MindMan.INI
[2003/12/08 23:12:03 | 000,003,584 | ---- | C] () -- C:\WINDOWS\VIEWS.DAT
[2003/12/08 17:52:30 | 000,001,361 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2003/06/30 15:02:29 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2003/06/25 14:09:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
[2003/06/25 14:08:44 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PMK_setup.ini
[2003/05/25 11:42:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2003/05/25 11:42:00 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2003/05/25 11:42:00 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2003/05/25 11:42:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2003/05/25 11:42:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2003/05/23 18:16:07 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Michael Woolf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/05/22 11:42:24 | 000,003,457 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/04/21 09:59:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/02/11 11:28:58 | 000,009,312 | ---- | C] () -- C:\WINDOWS\extend.dat
[2003/01/21 18:27:03 | 000,000,096 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2003/01/02 20:26:56 | 000,000,282 | ---- | C] () -- C:\WINDOWS\ds.INI
[2002/12/27 16:38:54 | 001,513,984 | ---- | C] () -- C:\WINDOWS\System32\Mgxrdr32.dll
[2002/12/27 16:38:54 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2002/12/27 16:38:54 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2002/12/27 16:37:37 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2002/12/13 15:08:16 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2002/12/11 22:35:23 | 000,000,033 | ---- | C] () -- C:\WINDOWS\quark.ini
[2002/12/07 18:43:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/12/07 18:22:26 | 000,006,137 | R--- | C] () -- C:\WINDOWS\System32\E1.ini
[2002/12/07 18:22:25 | 000,026,112 | R--- | C] () -- C:\WINDOWS\RunUnDrv.exe
[2002/12/07 16:54:33 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\Pixpcz.dll
[2002/12/07 16:54:33 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\Pixpnr.dll
[2002/12/07 16:54:32 | 000,004,528 | ---- | C] () -- C:\WINDOWS\System32\Setbrows.exe
[2002/10/06 14:36:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/10/06 10:57:20 | 000,000,839 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/10/06 10:31:59 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/10/06 10:20:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2002/10/06 10:07:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\Dit.exe
[2002/10/06 10:07:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\DitExp.exe
[2002/10/06 10:07:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2002/10/06 10:07:00 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2002/10/06 09:49:51 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/10/06 00:02:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002/10/05 22:38:02 | 000,000,822 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/10/05 22:24:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/10/05 22:20:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/10/05 15:16:19 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/10/05 15:15:37 | 000,455,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/10/05 13:12:24 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/10/05 13:11:59 | 000,343,264 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/10/05 13:11:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/10/05 13:11:59 | 000,054,928 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/10/05 13:11:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/10/05 13:11:56 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/10/05 13:11:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/10/05 13:11:55 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/05 13:11:49 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/10/05 13:11:49 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/10/05 13:11:42 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1997/12/12 19:08:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\CISPMON.DLL
[1997/12/12 19:08:07 | 000,010,352 | ---- | C] () -- C:\WINDOWS\System32\BJCHAIN.DLL
[1997/08/26 01:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/08/26 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/08/26 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/26 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/10/17 18:09:42 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\GNNPOST.DLL
[1996/10/07 17:34:52 | 000,007,328 | ---- | C] () -- C:\WINDOWS\System32\GAUGE.DLL
[1996/10/07 17:34:50 | 000,068,936 | ---- | C] () -- C:\WINDOWS\System32\AOLTCP16.DLL
[1996/10/07 17:34:48 | 000,102,320 | ---- | C] () -- C:\WINDOWS\System32\AOLSHIM.EXE
[1996/10/07 09:38:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\fpwpp.dll

========== LOP Check ==========

[2009/10/02 14:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/03/11 10:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/30 19:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/11/29 00:24:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/06/26 12:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2010/11/16 16:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2009/02/02 20:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2006/10/04 15:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/12/05 14:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/12/25 12:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2007/09/20 09:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/04/13 10:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/06/12 15:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2007/11/29 00:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/11/11 12:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/05/19 10:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/06/29 11:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/21 13:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2002/12/07 18:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/11/27 20:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2010/11/16 16:18:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{6EC84E37-AC72-4404-9ED2-B16DE7E9EAEF}
[2011/06/13 11:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}(2)
[2009/01/13 11:51:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2011/06/13 12:06:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2002/10/06 10:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2008/04/13 12:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2010/11/16 16:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Fighters
[2009/09/05 09:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2002/10/06 10:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser\Application Data\InterTrust
[2011/03/02 19:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Acronis
[2007/11/29 00:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Canon
[2009/04/15 08:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Dropbox
[2010/11/16 16:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Fighters
[2011/03/08 18:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\FreeStone Group
[2010/03/31 11:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\GARMIN
[2002/10/06 10:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\InterTrust
[2005/09/09 12:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Leadertech
[2011/03/08 11:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\MAGIX
[2007/11/13 13:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\MailWasherPro
[2003/05/25 11:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\MGI
[2002/12/12 16:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Mindjet
[2003/06/25 14:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Nikon
[2008/10/15 11:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Open Source Applications Foundation
[2008/10/29 23:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Python-Eggs
[2009/12/21 22:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Registry Mechanic
[2007/11/29 00:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\ScanSoft
[2007/08/07 14:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\SPAMfighter
[2006/10/22 09:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\SpamPal
[2011/05/24 09:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Spotify
[2009/05/15 19:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\SystemRequirementsLab
[2009/12/26 14:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\TeamViewer
[2010/01/21 13:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Trusteer
[2002/12/07 18:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Ulead Systems
[2011/03/13 18:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael Woolf\Application Data\Uniblue
[2010/01/21 16:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2011/06/26 12:02:01 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/08/26 11:06:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/26 12:17:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/31 15:39:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/26 12:17:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/31 15:39:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/08/26 11:06:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 07:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/08/26 11:06:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/26 12:17:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/31 15:39:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 03:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004/08/26 12:17:01 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/31 15:39:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/08/26 11:06:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Michael Woolf\Desktop\Driver Backup 7-7-2009-125732\Primary IDE Channel\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Documents and Settings\Michael Woolf\Desktop\Driver Backup 7-7-2009-125732\Secondary IDE Channel\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/10/05 15:14:59 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2002/10/05 15:14:59 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2002/10/05 15:14:59 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >




OTL Extras logfile created on: 20/07/2011 10:58:10 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Michael Woolf\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 48.76% Memory free
2.36 Gb Paging File | 1.90 Gb Available in Paging File | 80.65% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 16.38 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
Drive D: | 46.87 Gb Total Space | 44.57 Gb Free Space | 95.10% Space Free | Partition Type: NTFS
Drive E: | 9.02 Gb Total Space | 5.98 Gb Free Space | 66.26% Space Free | Partition Type: FAT32

Computer Name: NEWPC | User Name: Michael Woolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\TalkTalk\agent\bin\bcont.exe" = C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)
"C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe" = C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe -- (SupportSoft, Inc.)
"C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe" = C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)
"C:\Program Files\TalkTalk\bin\sprtcmd.exe" = C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D0AB230-E7BC-41CB-A50C-F282273E897B}" = SPAMfighter Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{765908E2-3AED-40EE-A13C-E47B2FA4C490}" = Serif DrawPlus 6.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3D5ECF7-7AE4-4B53-8A7E-1F850D6AE6B4}" = USB WEB CAMERA
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ie8" = Windows Internet Explorer 8
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Outlook Express Backup_is1" = Outlook Express Backup V6.5
"Picasa 3" = Picasa 3
"PrintMaster Express" = PrintMaster Express
"RealPlayer 12.0" = RealPlayer
"SPAMfighter" = SPAMfighter
"Spotify" = Spotify
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"USB Scanner" = USB Scanner
"Video Card Stability Test" = Video Card Stability Test
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/05/2011 03:28:06 | Computer Name = NEWPC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 13/05/2011 03:28:45 | Computer Name = NEWPC | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 01/06/2011 12:48:21 | Computer Name = NEWPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/06/2011 12:48:24 | Computer Name = NEWPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 01/06/2011 12:48:25 | Computer Name = NEWPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/06/2011 11:42:35 | Computer Name = NEWPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/06/2011 11:43:35 | Computer Name = NEWPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/06/2011 06:51:38 | Computer Name = NEWPC | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
mso.dll, version 10.0.6870.0, fault address 0x000035ed.

Error - 04/07/2011 05:10:44 | Computer Name = NEWPC | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
mso.dll, version 10.0.6870.0, fault address 0x000035ed.

Error - 19/07/2011 05:45:47 | Computer Name = NEWPC | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00890241.

[ System Events ]
Error - 19/07/2011 05:15:53 | Computer Name = NEWPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 19/07/2011 05:16:12 | Computer Name = NEWPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 19/07/2011 05:16:17 | Computer Name = NEWPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 19/07/2011 05:16:21 | Computer Name = NEWPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 19/07/2011 05:16:21 | Computer Name = NEWPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 19/07/2011 05:17:24 | Computer Name = NEWPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 19/07/2011 05:21:00 | Computer Name = NEWPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 19/07/2011 05:23:42 | Computer Name = NEWPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 19/07/2011 05:27:22 | Computer Name = NEWPC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 20/07/2011 04:54:06 | Computer Name = NEWPC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0010DCC406BF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:32 PM

Posted 20 July 2011 - 09:10 AM

Hello,

In regards to ErrorEND:

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
***************************************************

I don't see any evidence of malware on your machine. As such there's not much that I can do to help you; diagnosing and repairing issues such as yours are not my speciality. I would recommend one of two courses of action:
  • Create a new topic in our Windows XP Home and Professional forum. The experts there are better equipped to assist you with this kind of issue. Please do not post a HijackThis log in your new topic; these logs are used only for malware removal analysis here. This is why this topic was moved to the malware forum.
  • Format and reinstall Windows. Since you have run a registry cleaner, there is a real possibility that it broke or corrupted the registry and is responsible for your issues. By far the simplest way to deal with this is just to reinstall. Honestly this is the path I would suggest.

Sorry I couldn't be of more help to you, especially after such a long wait.

Let me know if you've any questions.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#5 gorselands

gorselands
  • Topic Starter


Posted 20 July 2011 - 12:34 PM

Hi Blade,

Thanks so much for your speedy reply. I will do as you suggest and post on the appropriate forum. At least I am now pretty sure it's not malware. Reinstalling Windows is something to look at, though I'm not too confident about doing it, and would I lose everything?

Again Thanks


Mike

#6 Blade


Posted 20 July 2011 - 01:11 PM

Hi Mike,

Reinstalling Windows would delete everything. However, you can back up documents, images, etc. beforehand.

~Blade



#7 Blade


Posted 25 July 2011 - 07:53 PM

Since this issue appears to be resolved ... this Topic has been closed.

~Blade
