Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE8 infected with searchqu -- removal possible?


  • This topic is locked This topic is locked
12 replies to this topic

#1 sykomac

sykomac

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 29 July 2011 - 12:14 AM

My mother recently downloaded and installed Bandoo and iLivid. When she installed them, searchqu was installed along with them.

She has now noticed that sites get hijacked by searchqu and it has made itself her home page (we can't change it).

I have uninstalled Bandoo and iLivid. I have disabled searchqu from IE's "Manage Add-Ons". It is still there.

She is worried about it now because she has had a problem with it when trying to use her online banking.

I have instructed her not to use the computer until we can get this resolved.

I have ran the following programs: Spyware Doctor with Antivirus, Malwarebytes Antimalware, SuperAntispyware, Spybot, and Hitman Pro.

All of them found some issues and fixed them; however, searchqu is still there.

I have ran DDS and GMER.

Below is the DDS log. I have also attached a ZIP file that contains the attach.txt from DDS and the ark.txt file from GMER.

I had to ZIP the files because the file from GMER was 1 meg large. Should it have been that large?

Any help would be greatly appreciated.

Please let me know if anything else is needed.

Thank you.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Paul at 19:56:20 on 2011-07-28
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1123 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [SSBkgdUpdate] c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe -Embedding -boot
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
dRun: [Symantec NetDriver Warning] c:\progra~1\symantec\liveup~1\SNDWarn.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster gold 18\Remind.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://72.45.189.81:100/RemoteWeb.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135163421921
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A2D2BA69-01CF-4176-B630-32CFFF65EF0A} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{B1A5F750-2B25-48FF-9B06-469F10B414EA} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{D4D109B7-E8B4-4412-AEEC-334BE203B7E0} : DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll c:\progra~1\google\google~1\goec62~1.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-7-27 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-7-27 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-7-27 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-7-28 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-7-28 69392]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-7-27 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-7-27 233976]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-7-27 371472]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-7-27 1117144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2010-1-1 24652]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-7-27 70664]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-7-28 33552]
R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
S1 MpKslcaca1c5d;MpKslcaca1c5d;\??\c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3c76b214-a85f-46ef-aa9e-ffca941563ae}\mpkslcaca1c5d.sys --> c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{3c76b214-a85f-46ef-aa9e-ffca941563ae}\MpKslcaca1c5d.sys [?]
S2 DVC150;DVC 150B;c:\windows\system32\drivers\DVC150B.sys [2005-8-2 31924]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-9-16 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-7-28 21064]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\juliana\locals~1\temp\jnv4_mib.sys --> c:\docume~1\juliana\locals~1\temp\jnv4_mib.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\drivers\wg121nd5.sys --> c:\windows\system32\drivers\wg121nd5.sys [?]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloservicemanager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.txt=Abiewol.Tabledata
.
=============== Created Last 30 ================
.
2011-07-28 22:47:20 -------- d-----w- c:\documents and settings\paul\local settings\application data\PackageAware
2011-07-28 21:48:28 -------- d-----w- c:\documents and settings\paul\application data\SUPERAntiSpyware.com
2011-07-28 21:48:28 -------- d-----w- c:\documents and settings\all users.windows\application data\SUPERAntiSpyware.com
2011-07-28 21:47:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-28 21:37:44 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-28 21:37:43 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-07-28 21:37:02 -------- d-----w- c:\documents and settings\all users.windows\application data\Hitman Pro
2011-07-28 21:15:17 -------- d-----w- c:\documents and settings\paul\application data\searchquband
2011-07-28 21:15:17 -------- d-----w- c:\documents and settings\paul\AppData
2011-07-28 21:05:55 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-07-28 21:05:55 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-07-28 21:05:55 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-07-28 21:05:38 -------- d-----w- c:\documents and settings\paul\application data\PCTools
2011-07-28 21:03:27 -------- d-----w- c:\documents and settings\paul\application data\Malwarebytes
2011-07-28 21:01:55 -------- d-----w- c:\documents and settings\paul\application data\searchqutoolbar
2011-07-27 21:11:13 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-07-27 21:11:13 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-07-27 21:11:12 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-07-27 21:11:03 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-07-27 21:11:03 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-07-27 21:11:02 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-07-27 21:10:56 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-07-27 21:10:45 -------- d-----w- c:\program files\PC Tools Security
2011-07-27 21:10:45 -------- d-----w- c:\program files\common files\PC Tools
2011-07-27 21:09:36 -------- d-----w- c:\documents and settings\all users.windows\application data\PC Tools
2011-07-27 13:12:47 -------- dc-h--w- c:\documents and settings\all users.windows\application data\{9CD61942-8DA1-4781-925C-4FE1471E0820}
2011-07-27 13:11:47 -------- d-----w- c:\documents and settings\all users.windows\application data\boost_interprocess
2011-07-27 13:11:46 -------- d-----w- c:\program files\Windows iLivid Toolbar
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2003-11-21 15:54:42 270405 ----a-w- c:\program files\npmusicn.dll
.
============= FINISH: 20:09:05.43 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:51 AM

Posted 29 July 2011 - 04:22 AM

Hi sykomac,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum. :welcome:
My name is sundavis, I will be helping you to deal with your Malware problems today.


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. In your case, you have both Spyware Doctor with AntiVirus and Microsoft Security Essentials .
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".
It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Please remove one of them via Add/Remove Programs and proceed the following afterwards.



Step1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


Step2

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind 
    searchqu 
    :filefind 
    searchqu
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Step3

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Under the Standard Registry box change it to All
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:


    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    volsnap.sys
    /md5stop
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    C:\program files\common files\data\* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1.TDSSKiller log
2.SystemLook log
3.OTListIt.txt and Extra.txt Thanks

#3 sykomac

sykomac
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 29 July 2011 - 05:46 AM

sundavis,

Thanks for the very quick reply.

I am currently at work and will not be able to try your suggestions until I get out in 5 hours.

I do have one comment though, Microsoft Security Essentials shouldn't be installed on the computer.

Last week I uninstalled it for her and then installed the Spyware Doctor.

Will that affect anything you suggest that I do to remove searchqu ?

Thanks,
Paul

#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:51 AM

Posted 29 July 2011 - 08:14 AM

Hi sykomac,


Will that affect anything you suggest that I do to remove searchqu ?

If MSE have been removed, that should be fine. Please proceed. :thumbup2:

#5 sykomac

sykomac
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 29 July 2011 - 02:20 PM

Well, I just finished doing what you outlined.

The log from TDSSKiller is below - it didn't find anything.

The log from SystemLook is after the TDSSKiller log.

When running OTL, when I pressed QuickScan, the box "All" under Standard Registry box defaulted back to Use SafeList.
So, I did a Quick Scan, I then clicked on "Run Scan" and the "All" stayed selected.

The logs from the "Quick Scan" are pasted here, below the SystemLook log.

However, just in case it makes a difference, I attached the log from the "Run Scan" in case you wanted to look at it also - it only gave me the OTL log and not the extras log.

Thank you for your help.


===== TDSSKILLER LOG =====

2011/07/29 14:28:34.0187 0284 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/07/29 14:28:35.0078 0284 ================================================================================
2011/07/29 14:28:35.0078 0284 SystemInfo:
2011/07/29 14:28:35.0078 0284
2011/07/29 14:28:35.0078 0284 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/29 14:28:35.0078 0284 Product type: Workstation
2011/07/29 14:28:35.0078 0284 ComputerName: GWEN
2011/07/29 14:28:35.0078 0284 UserName: Paul
2011/07/29 14:28:35.0078 0284 Windows directory: C:\WINDOWS
2011/07/29 14:28:35.0078 0284 System windows directory: C:\WINDOWS
2011/07/29 14:28:35.0078 0284 Processor architecture: Intel x86
2011/07/29 14:28:35.0078 0284 Number of processors: 1
2011/07/29 14:28:35.0078 0284 Page size: 0x1000
2011/07/29 14:28:35.0078 0284 Boot type: Normal boot
2011/07/29 14:28:35.0078 0284 ================================================================================
2011/07/29 14:28:37.0390 0284 Initialize success
2011/07/29 14:28:41.0359 5560 ================================================================================
2011/07/29 14:28:41.0359 5560 Scan started
2011/07/29 14:28:41.0359 5560 Mode: Manual;
2011/07/29 14:28:41.0359 5560 ================================================================================
2011/07/29 14:28:43.0968 5560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/29 14:28:44.0093 5560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/29 14:28:44.0296 5560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/29 14:28:44.0421 5560 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/29 14:28:44.0500 5560 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/07/29 14:28:44.0765 5560 AIRPLUS (8b9ccded592a52e9c27e862f11a29c4d) C:\WINDOWS\system32\DRIVERS\airplus.sys
2011/07/29 14:28:45.0062 5560 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/29 14:28:45.0312 5560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/29 14:28:45.0406 5560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/29 14:28:45.0562 5560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/29 14:28:45.0671 5560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/29 14:28:45.0750 5560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/29 14:28:45.0859 5560 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/07/29 14:28:45.0875 5560 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/07/29 14:28:46.0031 5560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/29 14:28:46.0171 5560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/29 14:28:46.0250 5560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/29 14:28:46.0343 5560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/29 14:28:46.0531 5560 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
2011/07/29 14:28:46.0765 5560 CSS DVP (21704252f38914896de80c99cfd46699) C:\WINDOWS\system32\DRIVERS\css-dvp.sys
2011/07/29 14:28:46.0875 5560 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
2011/07/29 14:28:47.0093 5560 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/07/29 14:28:47.0250 5560 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/07/29 14:28:47.0343 5560 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
2011/07/29 14:28:47.0468 5560 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/07/29 14:28:47.0609 5560 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
2011/07/29 14:28:47.0671 5560 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
2011/07/29 14:28:47.0734 5560 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
2011/07/29 14:28:47.0812 5560 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
2011/07/29 14:28:47.0890 5560 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
2011/07/29 14:28:48.0109 5560 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
2011/07/29 14:28:48.0218 5560 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
2011/07/29 14:28:48.0328 5560 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/07/29 14:28:48.0421 5560 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
2011/07/29 14:28:48.0500 5560 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/07/29 14:28:48.0718 5560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/29 14:28:48.0828 5560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/29 14:28:49.0250 5560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/29 14:28:49.0484 5560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/29 14:28:49.0578 5560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/29 14:28:49.0703 5560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/29 14:28:49.0796 5560 DVC150 (f7c4761d0dad6199adc69948cb645771) C:\WINDOWS\system32\Drivers\dvc150b.sys
2011/07/29 14:28:49.0921 5560 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/29 14:28:50.0093 5560 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/07/29 14:28:50.0234 5560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/29 14:28:50.0312 5560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/29 14:28:50.0375 5560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/29 14:28:50.0437 5560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/29 14:28:50.0515 5560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/29 14:28:50.0625 5560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/29 14:28:50.0687 5560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/29 14:28:50.0765 5560 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/07/29 14:28:50.0859 5560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/07/29 14:28:51.0031 5560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/29 14:28:51.0187 5560 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/07/29 14:28:51.0281 5560 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/07/29 14:28:51.0359 5560 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
2011/07/29 14:28:51.0484 5560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/29 14:28:51.0578 5560 hitmanpro35 (2306232284ab686aaaa9e82b3a668677) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011/07/29 14:28:51.0734 5560 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/29 14:28:51.0828 5560 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/29 14:28:51.0921 5560 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/29 14:28:52.0062 5560 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/07/29 14:28:52.0156 5560 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/07/29 14:28:52.0265 5560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/29 14:28:52.0515 5560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/29 14:28:52.0625 5560 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/29 14:28:52.0796 5560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/29 14:28:52.0984 5560 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2011/07/29 14:28:53.0109 5560 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2011/07/29 14:28:53.0234 5560 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2011/07/29 14:28:53.0312 5560 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/29 14:28:53.0375 5560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/29 14:28:53.0500 5560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/29 14:28:53.0578 5560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/29 14:28:53.0671 5560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/29 14:28:53.0781 5560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/29 14:28:53.0859 5560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/29 14:28:53.0921 5560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/29 14:28:54.0109 5560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/29 14:28:54.0234 5560 itchfltr (f905a2e4a3a8db0f8c41d90cf830b4ca) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
2011/07/29 14:28:54.0406 5560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/29 14:28:54.0812 5560 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/29 14:28:54.0875 5560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/29 14:28:55.0140 5560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/29 14:28:55.0250 5560 L8042pr2 (0f8b7bf7097d1e8d78f2f52a2bea03cd) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
2011/07/29 14:28:55.0406 5560 LCcfltr (8d26e30c111288f6f12e1903adddd3fb) C:\WINDOWS\system32\Drivers\LCcFltr.Sys
2011/07/29 14:28:55.0515 5560 LHidFlt2 (3c357dfdbbf2b4b01aa4b9c8a26e4416) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
2011/07/29 14:28:55.0593 5560 LHidUsb (ffb851b1b2f6596b7d3182b977a85206) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
2011/07/29 14:28:55.0671 5560 LMouFlt2 (aef09673376a4d93c09e8341854f1bf4) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
2011/07/29 14:28:55.0781 5560 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/29 14:28:55.0875 5560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/29 14:28:56.0093 5560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/29 14:28:56.0171 5560 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/07/29 14:28:56.0265 5560 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2011/07/29 14:28:56.0359 5560 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
2011/07/29 14:28:56.0421 5560 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
2011/07/29 14:28:56.0500 5560 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/07/29 14:28:56.0578 5560 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
2011/07/29 14:28:56.0687 5560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/29 14:28:56.0765 5560 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/29 14:28:56.0828 5560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/29 14:28:57.0171 5560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/29 14:28:57.0250 5560 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/29 14:28:57.0375 5560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/29 14:28:57.0468 5560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/29 14:28:57.0531 5560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/29 14:28:57.0640 5560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/29 14:28:57.0734 5560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/29 14:28:57.0812 5560 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/29 14:28:57.0921 5560 MxlW2k (e91fc8b52d21e38317dc61a3c7ccfa4b) C:\WINDOWS\system32\drivers\MxlW2k.sys
2011/07/29 14:28:58.0156 5560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/29 14:28:58.0250 5560 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/29 14:28:58.0328 5560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/29 14:28:58.0406 5560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/29 14:28:58.0500 5560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/29 14:28:58.0593 5560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/29 14:28:58.0687 5560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/29 14:28:58.0796 5560 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\WINDOWS\system32\ckldrv.sys
2011/07/29 14:28:58.0875 5560 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/29 14:28:59.0125 5560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/29 14:28:59.0203 5560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/29 14:28:59.0281 5560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/29 14:28:59.0375 5560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/29 14:28:59.0468 5560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/29 14:28:59.0578 5560 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/29 14:28:59.0671 5560 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/07/29 14:28:59.0781 5560 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/07/29 14:29:00.0421 5560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/29 14:29:00.0531 5560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/29 14:29:00.0625 5560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/29 14:29:00.0687 5560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/29 14:29:00.0812 5560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/29 14:29:00.0937 5560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/29 14:29:01.0109 5560 PCTCore (ccbbf4ddf14e779c2a63a1ca140663b3) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/07/29 14:29:01.0218 5560 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
2011/07/29 14:29:01.0343 5560 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
2011/07/29 14:29:01.0437 5560 pctgntdi (c5de417308364ebfa3ab3d7c4f3a3aa2) C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
2011/07/29 14:29:01.0531 5560 pctplsg (1e4312ea5117283c100a46df8b8b2432) C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys
2011/07/29 14:29:01.0640 5560 PCTSD (83ddd552f7f1043f764e8cc88ff41232) C:\WINDOWS\system32\Drivers\PCTSD.sys
2011/07/29 14:29:02.0281 5560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/29 14:29:02.0375 5560 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/29 14:29:02.0468 5560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/29 14:29:02.0562 5560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/29 14:29:02.0656 5560 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/07/29 14:29:03.0062 5560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/29 14:29:03.0187 5560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/29 14:29:03.0250 5560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/29 14:29:03.0343 5560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/29 14:29:03.0437 5560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/29 14:29:03.0515 5560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/29 14:29:03.0625 5560 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/29 14:29:03.0718 5560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/29 14:29:03.0859 5560 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/07/29 14:29:04.0000 5560 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/29 14:29:04.0062 5560 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/29 14:29:04.0203 5560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/29 14:29:04.0312 5560 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/07/29 14:29:04.0406 5560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/29 14:29:04.0515 5560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/29 14:29:04.0593 5560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/29 14:29:04.0750 5560 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/07/29 14:29:04.0921 5560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/29 14:29:05.0015 5560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/29 14:29:05.0125 5560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/29 14:29:05.0265 5560 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/07/29 14:29:05.0343 5560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/29 14:29:05.0437 5560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/29 14:29:06.0140 5560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/29 14:29:06.0265 5560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/29 14:29:06.0375 5560 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/07/29 14:29:06.0484 5560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/29 14:29:06.0578 5560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/29 14:29:06.0671 5560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/29 14:29:06.0765 5560 TfFsMon (5dcf578c5e1ed53f9f6cc3296d9914de) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/07/29 14:29:06.0859 5560 TfNetMon (8d18700c1ca06d7e6a9993d1935e595b) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/07/29 14:29:06.0953 5560 TFSysMon (f14140979ecd43179cab1a4d31fe8ecd) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/07/29 14:29:07.0140 5560 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/07/29 14:29:07.0234 5560 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/07/29 14:29:07.0421 5560 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/07/29 14:29:07.0500 5560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/29 14:29:07.0640 5560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/29 14:29:07.0781 5560 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/29 14:29:07.0875 5560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/29 14:29:08.0015 5560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/29 14:29:08.0171 5560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/29 14:29:08.0250 5560 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/29 14:29:08.0328 5560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/29 14:29:08.0421 5560 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/29 14:29:08.0500 5560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/29 14:29:08.0578 5560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/29 14:29:08.0718 5560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/29 14:29:08.0812 5560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/29 14:29:08.0906 5560 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/07/29 14:29:09.0203 5560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/29 14:29:09.0375 5560 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/29 14:29:09.0578 5560 WmaCDriverV32 (89edec9f3cea168b666f63902c24cd56) C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
2011/07/29 14:29:09.0671 5560 WmaCVideo32 (d475efcae021f9efe0346ee8362eeef9) C:\WINDOWS\system32\DRIVERS\WmaCVideo32.sys
2011/07/29 14:29:09.0796 5560 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/29 14:29:09.0968 5560 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/07/29 14:29:10.0093 5560 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/07/29 14:29:10.0140 5560 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/29 14:29:10.0281 5560 Boot (0x1200) (e1d94cd34aaaa717559a86864006c7c4) \Device\Harddisk0\DR0\Partition0
2011/07/29 14:29:10.0296 5560 ================================================================================
2011/07/29 14:29:10.0296 5560 Scan finished
2011/07/29 14:29:10.0296 5560 ================================================================================
2011/07/29 14:29:10.0312 3540 Detected object count: 0
2011/07/29 14:29:10.0312 3540 Actual detected object count: 0




==== SYSTEM LOOK Log ====

SystemLook 04.09.10 by jpshortstuff
Log created at 14:30 on 29/07/2011 by Paul
Administrator - Elevation successful

========== regfind ==========

Searching for "searchqu "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]

========== filefind ==========

Searching for "searchqu"
No files found.

-= EOF =-



=== OTL LOGS===

OTL logfile created on: 7/29/2011 2:39:53 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.94% Memory free
2.84 Gb Paging File | 1.72 Gb Available in Paging File | 60.66% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.27 Gb Total Space | 13.21 Gb Free Space | 14.16% Space Free | Partition Type: NTFS

Computer Name: GWEN | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/29 14:27:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2011/07/07 11:39:10 | 001,600,984 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/06/30 09:50:31 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/01 16:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2011/01/20 13:27:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe
PRC - [2010/03/12 13:08:54 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2009/11/18 04:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/11/18 04:02:34 | 000,563,840 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/11/18 04:02:34 | 000,173,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2009/11/17 20:49:08 | 000,366,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/10/22 05:29:58 | 000,116,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
PRC - [2008/08/18 17:44:03 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\SYSTEM32\Crypserv.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 17:22:19 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/07/17 14:05:16 | 000,064,000 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/07/09 13:54:08 | 000,177,416 | ---- | M] (Authentium, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2007/04/09 13:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CtHelper.exe
PRC - [2007/03/09 12:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
PRC - [2003/12/17 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2003/12/01 11:38:16 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe


========== Modules (SafeList) ==========

MOD - [2011/07/29 14:27:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
MOD - [2011/01/20 13:27:12 | 000,406,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\TFEngine\TFWAH.dll
MOD - [2010/12/15 10:06:52 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/12/17 10:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/12/17 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll
MOD - [2003/12/01 11:31:44 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll
MOD - [2003/12/01 11:31:06 | 000,005,120 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\KbdHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (KodakCCS)
SRV - File not found [Disabled | Stopped] -- -- (ioloSystemService)
SRV - File not found [Disabled | Stopped] -- -- (ioloFileInfoList)
SRV - File not found [Disabled | Stopped] -- -- (AcrSch2Svc)
SRV - [2011/04/06 16:53:36 | 001,117,144 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 11:14:04 | 000,371,472 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/01/20 13:27:12 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/29 23:40:52 | 000,700,032 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2009/11/18 04:42:52 | 000,253,568 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/11/18 04:16:42 | 000,137,344 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/18 17:44:03 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007/07/09 13:54:08 | 000,177,416 | ---- | M] (Authentium, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - [2011/07/28 17:45:36 | 000,021,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/12 17:55:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/11 12:02:34 | 000,263,888 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/07/11 09:07:46 | 000,070,664 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplsg.sys -- (pctplsg)
DRV - [2011/07/11 09:05:12 | 000,253,096 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys -- (pctgntdi)
DRV - [2011/03/10 09:08:22 | 000,233,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTSD.sys -- (PCTSD)
DRV - [2011/01/20 13:27:12 | 000,069,392 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2011/01/20 13:27:12 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/01/20 13:27:12 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\TfNetMon.sys -- (TfNetMon)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys -- (Tcpip6)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys -- (motccgp)
DRV - [2008/06/16 20:55:37 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/01/26 20:01:18 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/01/26 20:01:18 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2007/10/10 13:12:16 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmaCDriverV32.sys -- (WmaCDriverV32)
DRV - [2007/10/09 13:52:18 | 000,002,688 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmaCVideo32.sys -- (WmaCVideo32)
DRV - [2007/07/09 13:01:04 | 000,834,448 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Css-Dvp.sys -- (CSS DVP)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/12/17 13:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 13:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/12/17 13:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS -- (LHidUsb)
DRV - [2003/12/17 13:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS -- (LHidFlt2)
DRV - [2003/12/17 13:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LCCFLTR.SYS -- (LCcfltr)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/11/14 11:50:28 | 000,031,924 | ---- | M] (Cirrus Logic Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DVC150B.sys -- (DVC150)
DRV - [2003/11/08 18:24:17 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\itchfltr.sys -- (itchfltr)
DRV - [2003/09/08 16:06:36 | 000,255,360 | ---- | M] (D-Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AIRPLUS.sys -- (AIRPLUS)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-842925246-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1708537768-842925246-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1708537768-842925246-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1708537768-842925246-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1708537768-842925246-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-842925246-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.17.4: C:\My Music\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=5.2.5.48: C:\My Music\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/02/08 11:31:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/21 19:27:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/23 07:33:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/28 17:43:38 | 000,000,000 | ---D | M]

[2011/07/28 19:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/05/22 10:32:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/08/23 10:00:52 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2008/05/22 10:32:22 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-gzfb@partners.mozilla.com
File not found (No name found) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
File not found (No name found) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
File not found (No name found) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/10/29 18:14:04 | 000,106,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011/07/27 09:11:47 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] File not found
O4 - HKU\S-1-5-18..\Run: [Symantec NetDriver Warning] File not found
O4 - HKU\S-1-5-21-1708537768-842925246-725345543-1005..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1708537768-842925246-725345543-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE (D-Link)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\PrintMaster Gold 18\Remind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\My Little Pony Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\iavlsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.trendmicro.com/housecall/xscan60.cab (HouseCall Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://lazboy3d.icovia.com/PLANNER/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://72.45.189.81:100/RemoteWeb.cab (Remote200 Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135163421921 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\datamngr.dll) - c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) - c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\Owner\Application Data\iolo\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/29 14:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\tdsskiller
[2011/07/29 14:27:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2011/07/29 14:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\misc antiv stuff
[2011/07/28 19:56:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul\My Documents\My Videos
[2011/07/28 19:56:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos
[2011/07/28 19:56:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Administrative Tools
[2011/07/28 18:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\PackageAware
[2011/07/28 17:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\SUPERAntiSpyware.com
[2011/07/28 17:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2011/07/28 17:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
[2011/07/28 17:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/28 17:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/28 17:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Hitman Pro 3.5
[2011/07/28 17:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2011/07/28 17:23:34 | 000,231,224 | ---- | C] (Trusteer Ltd.) -- C:\Documents and Settings\Paul\Desktop\RapportSetup.exe
[2011/07/28 17:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\searchquband
[2011/07/28 17:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\AppData
[2011/07/28 17:05:55 | 000,069,392 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2011/07/28 17:05:55 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2011/07/28 17:05:55 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2011/07/28 17:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\PCTools
[2011/07/28 17:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
[2011/07/28 17:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\searchqutoolbar
[2011/07/27 17:11:13 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/07/27 17:11:13 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/07/27 17:11:12 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/07/27 17:11:03 | 000,263,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/07/27 17:11:03 | 000,160,576 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/07/27 17:11:02 | 000,233,976 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/07/27 17:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PC Tools Security
[2011/07/27 17:10:56 | 000,070,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/07/27 17:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/07/27 17:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/07/27 17:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2011/07/27 09:12:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}
[2011/07/27 09:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2011/07/27 09:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2007/06/07 09:42:40 | 000,270,405 | ---- | C] (Musicnotes, Inc.) -- C:\Program Files\npmusicn.dll
[2007/04/09 13:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007/04/09 13:19:16 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/29 14:31:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/29 14:27:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2011/07/29 14:27:33 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\SystemLook.exe
[2011/07/29 14:26:48 | 001,388,094 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\tdsskiller.zip
[2011/07/29 14:22:59 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2011/07/29 14:22:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/29 14:22:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/29 10:26:33 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/07/29 09:14:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/28 18:48:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2011/07/28 17:47:47 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/28 17:45:36 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/28 17:43:42 | 000,000,376 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/07/28 17:23:36 | 000,231,224 | ---- | M] (Trusteer Ltd.) -- C:\Documents and Settings\Paul\Desktop\RapportSetup.exe
[2011/07/27 17:22:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/07/27 17:11:47 | 000,746,154 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/27 17:11:02 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2011/07/27 17:09:07 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/14 06:07:29 | 000,908,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 20:30:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/11 12:06:18 | 000,160,576 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/07/11 12:02:34 | 000,263,888 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/07/11 09:07:46 | 000,070,664 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/07/11 09:05:12 | 000,253,096 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/01 00:55:42 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/01 00:55:42 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/29 14:27:33 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\SystemLook.exe
[2011/07/29 14:26:45 | 001,388,094 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\tdsskiller.zip
[2011/07/28 17:47:47 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/28 17:43:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/07/28 17:37:44 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/27 17:11:14 | 000,746,154 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/27 17:11:02 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spyware Doctor.lnk
[2011/05/25 20:12:02 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/05/25 20:11:29 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/05/25 20:11:23 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/05/25 20:11:23 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/05/25 20:11:23 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/05/25 20:11:23 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/05/25 20:11:14 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2011/05/16 18:01:26 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2011/02/26 11:46:48 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2010/06/21 19:10:25 | 000,210,243 | ---- | C] () -- C:\WINDOWS\hpoins42.dat
[2010/06/21 19:10:25 | 000,001,159 | ---- | C] () -- C:\WINDOWS\hpomdl42.dat
[2010/06/20 21:58:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/06/20 21:39:47 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/06/19 21:38:38 | 000,117,198 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/06/19 21:38:38 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010/06/19 21:31:39 | 000,116,512 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010/06/15 17:56:52 | 000,375,945 | ---- | C] () -- C:\WINDOWS\hpoins42.dat.temp
[2010/06/15 17:56:51 | 000,001,159 | ---- | C] () -- C:\WINDOWS\hpomdl42.dat.temp
[2008/08/12 20:52:49 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D27768C8E7.sys
[2008/08/03 19:13:47 | 000,428,904 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2008/08/03 19:13:42 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2008/08/03 19:13:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/04/29 11:15:02 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\1630030508.sys
[2008/01/28 21:12:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2008/01/28 20:22:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2007/10/30 12:03:14 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2007/09/22 20:25:07 | 000,000,432 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2007/09/22 20:20:36 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\iavlsp.dll.old.vvj
[2007/09/22 20:20:36 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\iavlsp.dll
[2007/09/22 20:20:14 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/09/22 20:20:14 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/09/13 16:22:27 | 000,000,626 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 13:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 13:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 13:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2007/04/09 13:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 13:24:30 | 000,325,821 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/04/09 13:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 13:21:44 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2007/04/09 13:21:28 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/04/09 13:19:44 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2007/04/09 13:19:36 | 000,241,084 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2007/04/09 13:19:36 | 000,115,166 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/04/09 13:19:20 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/04/09 13:19:20 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/04/09 13:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2007/01/10 19:31:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/04 02:39:24 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\7A3AD94952.sys
[2007/01/04 02:21:29 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/04 02:21:29 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\5249D93A7A.sys
[2006/12/31 10:40:44 | 000,002,818 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/31 10:39:18 | 000,000,086 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
[2006/11/01 19:31:43 | 000,002,924 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2006/11/01 11:26:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/10/23 12:08:40 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat
[2006/10/03 20:16:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2006/10/03 18:43:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/10/02 10:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/08/30 18:30:59 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/08/11 15:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/03/17 14:06:00 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/05 07:21:33 | 000,000,016 | ---- | C] () -- C:\WINDOWS\fp_cd2.ini
[2005/12/15 22:44:17 | 000,159,701 | ---- | C] () -- C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
[2005/12/01 15:36:56 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/12/01 15:36:44 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/10/27 14:40:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/08/02 10:01:23 | 000,000,021 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/07/06 16:31:45 | 000,000,609 | ---- | C] () -- C:\WINDOWS\ereg077.dat
[2005/07/06 15:23:55 | 000,000,501 | ---- | C] () -- C:\WINDOWS\EReg104.dat
[2005/07/06 12:31:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/07/06 12:19:46 | 000,000,234 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/07/05 22:31:33 | 000,053,248 | R--- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2005/06/16 11:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/05/03 12:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 12:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/03 17:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2005/02/11 10:25:22 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
[2005/02/03 23:53:24 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/01/16 15:12:04 | 000,000,100 | RHS- | C] () -- C:\WINDOWS\didduid.ini
[2005/01/16 14:54:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2005/01/11 19:56:14 | 000,172,032 | ---- | C] () -- C:\WINDOWS\uninstalltalkittypeit.exe
[2005/01/11 19:56:13 | 000,303,104 | ---- | C] () -- C:\WINDOWS\spy.dll
[2005/01/11 19:56:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\vxddll.dll
[2005/01/11 19:56:11 | 000,245,760 | ---- | C] () -- C:\WINDOWS\dialogs.dll
[2005/01/11 19:56:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\keyboard.dll
[2005/01/11 19:56:11 | 000,094,208 | ---- | C] () -- C:\WINDOWS\guidll.dll
[2005/01/11 19:56:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\graphicsacc.exe
[2005/01/11 19:56:11 | 000,060,364 | ---- | C] () -- C:\WINDOWS\hooks.exe
[2005/01/11 19:56:11 | 000,049,152 | ---- | C] () -- C:\WINDOWS\hook.dll
[2005/01/11 19:56:10 | 000,471,040 | ---- | C] () -- C:\WINDOWS\dbengine.dll
[2005/01/11 19:56:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\commhook.dll
[2005/01/11 19:56:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\commque.dll
[2005/01/10 23:10:45 | 000,000,090 | ---- | C] () -- C:\WINDOWS\webirdsw.ini
[2004/12/22 20:15:16 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.61-8876480L.exe
[2004/10/10 17:42:15 | 000,351,297 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2004/10/01 18:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/21 18:43:20 | 000,000,110 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004/09/18 20:29:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/16 18:59:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/08 10:10:16 | 000,000,425 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/08/05 22:18:09 | 000,000,399 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2004/07/11 15:37:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/07/06 22:03:22 | 000,006,795 | ---- | C] () -- C:\WINDOWS\b2_t_WWW.INSIDERSLOTSECRETS.COM%2FSLOT.HTML623.xml
[2004/07/03 15:26:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_SURE+JELL.COM49.xml
[2004/07/01 15:14:38 | 000,001,433 | ---- | C] () -- C:\WINDOWS\b2_t_%22WWW.HOMECANNING.COM%22458.xml
[2004/07/01 15:14:00 | 000,003,978 | ---- | C] () -- C:\WINDOWS\b2_t_%22WWW.HOMECANNING.COM%22872.xml
[2004/07/01 15:12:51 | 000,003,970 | ---- | C] () -- C:\WINDOWS\b2_t_%22WWW.BALLPECTIN.COM%22350.xml
[2004/07/01 15:12:32 | 000,004,989 | ---- | C] () -- C:\WINDOWS\b2_t_%22WWW.BALLFRUITJELL.COM%22389.xml
[2004/07/01 15:09:43 | 000,004,026 | ---- | C] () -- C:\WINDOWS\b2_t_%22%2BWWW.BALLFRUITJELL.COM%22&209.xml
[2004/07/01 15:09:27 | 000,004,649 | ---- | C] () -- C:\WINDOWS\b2_t_%22%2BWWW.FRUITJELL.COM%22&927.xml
[2004/07/01 15:08:54 | 000,004,940 | ---- | C] () -- C:\WINDOWS\b2_t_%22%2BWWW.FRUITJELL.COM%22&582.xml
[2004/07/01 15:08:42 | 000,005,078 | ---- | C] () -- C:\WINDOWS\b2_t_%22%2BWWW.FRUITJELLPECTIN.COM%22&588.xml
[2004/07/01 15:08:40 | 000,004,062 | ---- | C] () -- C:\WINDOWS\b2_t_%22%2BWWW.FRUITJELLPECTIN.COM%22&445.xml
[2004/07/01 15:08:33 | 000,004,066 | ---- | C] () -- C:\WINDOWS\b2_t_%22%2BWWW.FRUITJELLPECTIN.COM%22&14.xml
[2004/06/28 22:47:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_WWW.HOMECANNING.COM586.xml
[2004/06/21 11:55:28 | 000,005,883 | ---- | C] () -- C:\WINDOWS\b2_t_HTTPS%3A%2F%2FWWW.EVOCASH.COM%3FREFERRER%3D116228563.xml
[2004/06/21 11:54:02 | 000,005,502 | ---- | C] () -- C:\WINDOWS\b2_t_WWW.EVOCASH.COM%3FREFERRER%3D116228&935.xml
[2004/06/13 14:28:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\b2_t_WWW.BLAIR.COM980.xml
[2004/06/02 14:00:24 | 000,001,965 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/18 12:55:41 | 000,000,523 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2004/04/18 12:54:43 | 000,001,183 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/04/14 20:16:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/14 19:37:19 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/14 19:19:37 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/04/11 20:44:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/04/11 20:34:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/04/11 16:26:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/04/11 16:25:38 | 000,908,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/11/20 17:39:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/02 14:33:30 | 000,040,636 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLANGEN.bin
[2003/07/27 10:02:16 | 000,000,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\RADIO11.bin
[2003/07/25 10:24:32 | 000,000,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\RADIO0d.bin
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,444,494 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,072,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/05/18 19:04:46 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\RADIO15.bin
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 14:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/07/05 06:00:00 | 000,075,459 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2004/03/28 11:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/04/08 18:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2010/06/17 20:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011/05/20 17:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/07/27 09:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2005/01/16 15:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund LLC
[2005/01/16 15:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software
[2004/08/05 22:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Interactive
[2011/05/17 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
[2011/07/28 17:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2009/04/12 18:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2008/03/02 18:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Musicnotes
[2007/11/04 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
[2005/11/27 19:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Riverdeep Interactive Learning Limited
[2005/01/16 14:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
[2011/07/29 14:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2005/07/08 11:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\The Learning Company
[2010/01/01 21:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2009/03/28 08:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/04 20:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/27 18:17:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}
[2011/02/26 11:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF0473B3-CF16-4363-9988-EEA5956AE9DA}
[2004/04/04 17:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gwen\Application Data\Jasc
[2004/04/11 18:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gwen\Application Data\Leadertech
[2006/08/30 18:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Juliana\Application Data\Atari
[2009/07/04 14:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Juliana\Application Data\eWoss Toolbar
[2008/06/08 10:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Juliana\Application Data\iolo
[2005/07/06 11:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Juliana\Application Data\Leadertech
[2004/06/25 08:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Juliana\Application Data\Lycos
[2008/01/26 20:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Acronis
[2007/09/22 20:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
[2007/12/28 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\iolo
[2008/02/04 21:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis
[2005/04/22 23:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2010/08/13 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2010/06/14 19:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eMusic
[2009/07/04 15:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\eWoss Toolbar
[2010/05/27 20:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GARMIN
[2004/04/13 18:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2008/08/17 19:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
[2004/04/11 21:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004/12/17 19:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lycos
[2007/01/10 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pixmantec
[2005/01/16 14:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2011/07/27 09:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchquband
[2011/07/27 09:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchqutoolbar
[2010/05/18 19:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smilebox
[2011/02/26 11:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
[2009/12/18 02:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Titanium Gears
[2009/05/05 15:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2007/12/18 09:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2008/02/06 21:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Acronis
[2007/03/15 12:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Aim
[2011/05/20 06:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CoreFTP
[2009/11/11 19:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\eMusic
[2011/05/20 06:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\FileZilla
[2008/08/11 18:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\iolo
[2011/07/28 18:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Lycos
[2011/07/28 17:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\PCTools
[2011/07/28 17:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\searchquband
[2011/07/28 17:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\searchqutoolbar
[2010/01/01 21:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Viewpoint
[2008/02/06 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ZipGenius
[2011/07/28 18:48:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2003/07/16 16:28:11 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2002/08/29 07:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2002/08/29 07:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\SYSTEM32\DRIVERS\volsnap.sys
[2002/08/29 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=6FDC9523EF81617CF5028F47FCAF0FBE -- C:\I386\VOLSNAP.SYS
[2004/08/04 02:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002/08/29 07:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2007/04/08 18:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
[2009/11/11 17:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2010/06/17 20:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/02/04 21:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2006/10/23 18:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2011/05/20 17:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
[2011/07/27 09:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2005/01/16 15:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund LLC
[2005/01/16 15:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software
[2004/08/05 22:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Disney Interactive
[2011/05/17 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverCure
[2009/03/28 16:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2011/07/11 13:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
[2011/07/28 17:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2010/06/18 20:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
[2010/06/14 19:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Photo Creations
[2010/06/18 20:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Product Assistant
[2005/01/16 15:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
[2009/02/16 20:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit
[2009/04/12 18:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
[2007/12/06 19:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak
[2008/08/03 17:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2010/06/20 19:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/07/27 17:08:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2011/07/13 20:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
[2008/02/06 21:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
[2008/03/02 18:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Musicnotes
[2007/11/04 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
[2011/07/27 17:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
[2010/01/01 13:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
[2010/06/18 20:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
[2011/07/28 17:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
[2008/02/06 21:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QuickTime
[2005/11/27 19:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Riverdeep Interactive Learning Limited
[2005/01/16 14:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
[2008/02/06 21:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sonic
[2010/06/20 20:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2011/07/28 17:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/01/01 13:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
[2011/07/29 14:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2005/07/08 11:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\The Learning Company
[2006/08/11 08:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
[2010/01/01 21:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2010/06/14 19:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WEBREG
[2005/12/01 14:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2009/10/27 10:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2009/03/28 08:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/04 20:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/27 18:17:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}
[2011/02/26 11:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF0473B3-CF16-4363-9988-EEA5956AE9DA}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 15:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2011/07/10 08:28:04 | 003,017,853 | ---- | M] (Bandoo Media Inc. ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe
[2011/02/14 21:28:04 | 005,253,628 | ---- | M] (Stamps.com, Inc. ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF0473B3-CF16-4363-9988-EEA5956AE9DA}\stamps.exe
[2010/02/04 20:42:20 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
[2010/02/04 20:38:25 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
[2008/02/06 21:24:32 | 000,593,920 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software\Print\iftw.exe
[2008/02/06 21:24:33 | 000,069,632 | ---- | M] (T.L.C.P.P. L.L.C.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software\Print\vroomsap.exe
[2011/07/28 06:00:30 | 000,527,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2010/02/08 11:30:37 | 000,033,558 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
[2010/01/13 10:28:38 | 000,079,856 | ---- | M] (Google) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
[2009/10/14 20:08:44 | 000,308,720 | ---- | M] (Visan / RocketLife) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Photo Creations\PhotoProductCore.exe
[2011/02/28 10:51:27 | 000,242,976 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
[2007/09/20 05:09:18 | 000,034,080 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
[2007/09/20 05:09:18 | 000,034,080 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
[2007/09/20 05:09:18 | 000,034,080 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
[2008/02/06 21:24:52 | 002,024,840 | R--- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$SETUP_140002_2635325\Setup.exe
[2008/02/06 21:24:52 | 002,024,840 | R--- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$SETUP_140002_31d8cd\Setup.exe
[2008/02/06 21:24:52 | 002,024,840 | R--- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$SETUP_140002_340d8f\Setup.exe
[2008/02/06 21:24:52 | 001,228,800 | R--- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$SETUP_140010_195b4c7\Setup.exe
[2008/02/06 21:24:52 | 001,228,800 | R--- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$SETUP_140010_19875eb\Setup.exe
[2008/02/06 21:24:53 | 001,228,800 | R--- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$SETUP_140010_2815b\Setup.exe
[2008/02/06 21:24:54 | 014,813,832 | ---- | M] (Apple Computer, Inc. ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\bonjour\BonjourSetup.exe
[2008/02/06 21:24:54 | 000,167,936 | ---- | M] (kodak) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\CCS\CCSStop.exe
[2008/02/06 21:24:59 | 000,077,824 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
[2008/02/06 21:25:04 | 000,069,632 | ---- | M] (EASTMAN KODAK) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\Ksu\ksustop.exe
[2011/07/27 18:26:30 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010/06/18 19:57:06 | 002,605,008 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
[2011/07/27 17:10:23 | 040,257,528 | ---- | M] (PC Tools ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools\DownloadManager\Spyware Doctor with AntiVirus8.0\sdasetup_en_dl.exe

< %APPDATA%\*. >
[2008/02/06 21:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Acronis
[2008/02/20 20:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Adobe
[2007/03/15 12:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Aim
[2006/07/31 12:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Apple Computer
[2006/07/31 12:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Arcsoft
[2011/05/20 06:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CoreFTP
[2009/03/08 18:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Corel Photo Album
[2009/11/11 19:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\eMusic
[2011/05/20 06:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\FileZilla
[2006/05/07 16:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Google
[2004/09/18 07:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Help
[2007/11/14 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\HP
[2011/07/29 14:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\HPAppData
[2004/04/14 20:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Identities
[2007/11/04 15:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\InstallShield
[2008/08/11 18:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\iolo
[2004/09/21 18:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Jasc Software Inc
[2011/07/28 18:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Lycos
[2004/04/15 06:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Macromedia
[2011/07/28 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
[2009/03/30 16:16:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Paul\Application Data\Microsoft
[2009/11/11 19:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla
[2011/07/28 17:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\PCTools
[2006/08/05 20:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Real
[2007/11/04 18:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Roxio
[2011/07/28 17:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\searchquband
[2011/07/28 17:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\searchqutoolbar
[2004/06/06 19:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Sonic
[2011/07/28 17:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\SUPERAntiSpyware.com
[2004/09/21 18:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Symantec
[2010/01/01 21:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Viewpoint
[2009/11/11 19:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Yahoo!
[2008/02/06 21:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ZipGenius

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >
[2010/06/20 19:32:44 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/06/20 19:33:46 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< C:\program files\common files\data\* /s >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/04/11 16:25:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/04/11 16:25:03 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/04/11 16:25:03 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/07/28 17:45:36 | 000,021,064 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2011/07/11 12:06:18 | 000,160,576 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
[2011/07/11 12:02:34 | 000,263,888 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys
[2011/07/11 09:05:12 | 000,253,096 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys
[2011/07/11 09:07:46 | 000,070,664 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplsg.sys

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:96B35E19
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1

< End of report >


OTL Extras logfile created on: 7/29/2011 2:39:53 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.94% Memory free
2.84 Gb Paging File | 1.72 Gb Available in Paging File | 60.66% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.27 Gb Total Space | 13.21 Gb Free Space | 14.16% Space Free | Partition Type: NTFS

Computer Name: GWEN | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"9100:TCP" = 9100:TCP:*:Enabled:PORT_9100_TCP
"161:UDP" = 161:UDP:*:Enabled:PORT_161_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS6ECF\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS6ECF\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS4CAA\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS4CAA\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS4F5F\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS4F5F\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS19CD\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS19CD\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS1EA4\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS1EA4\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS1DAA\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS1DAA\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS3561\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS3561\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\{4D12EB25-2908-4204-BB98-06BD9C588E28}\setup\hpznui01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\{4D12EB25-2908-4204-BB98-06BD9C588E28}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe" = C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application -- (Jasc Software)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"G:\PHS ENTERTAINMENT DEPARTMENT\Physics of Blocks\More Physics.exe" = G:\PHS ENTERTAINMENT DEPARTMENT\Physics of Blocks\More Physics.exe:*:Enabled:More Physics
"C:\Program Files\Soldout\3D Dino\dino.exe" = C:\Program Files\Soldout\3D Dino\dino.exe:*:Enabled:dino
"C:\Program Files\Atari-Infogrames\Roller Coaster Tycoon 2\rct2.exe" = C:\Program Files\Atari-Infogrames\Roller Coaster Tycoon 2\rct2.exe:*:Enabled:rct2
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" = C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:*:Enabled:iolo Firewall®
"C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" = C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:*:Enabled:iolo AntiVirus®
"C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe" = C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus® Email Protection
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS6ECF\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS6ECF\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS4CAA\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS4CAA\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS4F5F\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS4F5F\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS19CD\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS19CD\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe:*:Enabled:hpqthb08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS1EA4\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS1EA4\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS1DAA\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS1DAA\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS3561\setup\hpznui01.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS3561\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe" = C:\Program Files\Hewlett-Packard\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\{4D12EB25-2908-4204-BB98-06BD9C588E28}\setup\hpznui01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\{4D12EB25-2908-4204-BB98-06BD9C588E28}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{0451FD8E-D80E-4BA6-AE02-EBE80A059CB0}" = Sibelius Scorch (ActiveX Only)
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0F147D8F-2219-4078-AE2D-C5ACFF8DCA68}" = The Letters
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{15E289CE-7F02-4841-85A5-B3C6254636FC}" = PS_AIO_06_C309n-s_SW_Min
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{256E1183-6D06-4394-9878-10CF28440EE6}_is1" = Cutter 4
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{4D12EB25-2908-4204-BB98-06BD9C588E28}" = HP Photosmart Prem-Web C309n-s All-in-One Driver Software 14.0 Rel. 6
"{4FA46975-176F-457A-A09C-DBD0CBDA65F3}" = PrintMaster 16
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65C1C87A-02D9-4557-BC0D-131F1C419D61}" = Britannica Almanac 2005 CD
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7AE05271-5CBB-48D7-9B72-FDB4FD57EA4D}" = Polaroid iZone PhotoBase
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F30EEFF-F967-47CF-9643-ADF172AFED71}" = Avery Wizard 3.1
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8495271C-707A-4AD8-9DC0-35762834A379}" = Corel Photo Album Additional Content
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89D66BFE-99BC-45AE-82A6-7F867DCCF71E}" = C309n-s
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{93A3C001-0B9D-4BBB-BE77-FF3768649E5F}" = CSPlus
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ADD209A3-C05A-4988-B4CD-65B6B582F911}" = PrintMaster Gold 18
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCCBE608-5C44-4507-AE11-55B36AE0E41B}" = The Print Shop Business Card Creator
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C17F3696-8EE5-46B0-ADD7-7F5ED6208879}" = Music Oasis
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}" = Authentium AntiVirus SDK - 2
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CC60A7A1-B7E4-4CBC-833B-6ED7F3859884}" = TurboTax 2008 wmeiper
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}" = D-Link AirPlus
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDDD0C4B-57F7-4A85-ACF0-DB3FC8F1DBB4}" = Dragon NaturallySpeaking 8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EA9A2BDE-D702-4B64-9C03-588409F82F81}" = Sapi
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 5.5.1.383
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6318740-3D9E-40AB-B3C9-13576CC66A95}" = ArcSoft Software Suite
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AOL Instant Messenger" = AOL Instant Messenger
"AudioConSole" = Creative Audio Console
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Encyclopaedia Britannica 2005 Ready Reference CD" = Encyclopaedia Britannica 2005 Ready Reference CD
"Encyclopædia Britannica Profiles : Dinosaurs CD-ROM" = Encyclopædia Britannica Profiles : Dinosaurs CD-ROM
"Encyclopædia Britannica Profiles : U.S. Presidents CD-ROM" = Encyclopædia Britannica Profiles : U.S. Presidents CD-ROM
"Encyclopædia Britannica Profiles : World Religions CD-ROM" = Encyclopædia Britannica Profiles : World Religions CD-ROM
"Encyclopaedia Britannica Student Library CD" = Encyclopaedia Britannica Student Library CD
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Focus Magic_is1" = Focus Magic 3.02
"Google Desktop" = Google Desktop
"Google Pack Screensaver" = Google Pack Screensaver
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"InstallShield_{7F30EEFF-F967-47CF-9643-ADF172AFED71}" = Avery Wizard 3.1
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Logitech Resource Center" = Logitech Resource Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MiaMath" = MiaMath
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miuchiz - Planet Mion" = Miuchiz - Planet Mion
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"Outlook Recovery Toolbox_is1" = Outlook Recovery Toolbox 1.7
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Connections Drivers
"RawShooter essentials 2005" = RawShooter essentials 2005
"RealPlayer 6.0" = RealPlayer
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Special Internet Offers" = Special Internet Offers
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Stamps.com" = Stamps.com
"Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair v4.5
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows SR 2.0" = Windows SR 2.0
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1708537768-842925246-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2011 8:38:15 AM | Computer Name = GWEN | Source = MsiInstaller | ID = 11921
Description = Product: Authentium AntiVirus SDK - 2 -- Error 1921. Service 'dvpapi'
(DvpApi) could not be stopped. Verify that you have sufficient privileges to stop
system services.

Error - 7/27/2011 9:13:01 AM | Computer Name = GWEN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2011 4:40:01 PM | Computer Name = GWEN | Source = MsiInstaller | ID = 11921
Description = Product: Authentium AntiVirus SDK - 2 -- Error 1921. Service 'dvpapi'
(DvpApi) could not be stopped. Verify that you have sufficient privileges to stop
system services.

Error - 7/27/2011 4:48:12 PM | Computer Name = GWEN | Source = MsiInstaller | ID = 11921
Description = Product: Authentium AntiVirus SDK - 2 -- Error 1921. Service 'dvpapi'
(DvpApi) could not be stopped. Verify that you have sufficient privileges to stop
system services.

Error - 7/27/2011 5:08:39 PM | Computer Name = GWEN | Source = Microsoft Security Client | ID = 1001
Description =

Error - 7/27/2011 5:25:30 PM | Computer Name = GWEN | Source = MsiInstaller | ID = 11921
Description = Product: Authentium AntiVirus SDK - 2 -- Error 1921. Service 'dvpapi'
(DvpApi) could not be stopped. Verify that you have sufficient privileges to stop
system services.

Error - 7/27/2011 5:33:40 PM | Computer Name = GWEN | Source = MsiInstaller | ID = 11921
Description = Product: Authentium AntiVirus SDK - 2 -- Error 1921. Service 'dvpapi'
(DvpApi) could not be stopped. Verify that you have sufficient privileges to stop
system services.

Error - 7/28/2011 5:46:30 PM | Computer Name = GWEN | Source = sdCoreService | ID = 0
Description =

Error - 7/29/2011 12:07:18 PM | Computer Name = GWEN | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address
0x350052e5.

Error - 7/29/2011 2:39:25 PM | Computer Name = GWEN | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.26.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 5/23/2011 11:56:41 AM | Computer Name = GWEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 9139
seconds with 1620 seconds of active time. This session ended with a crash.

Error - 7/6/2011 8:01:56 PM | Computer Name = GWEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/29/2011 12:07:11 PM | Computer Name = GWEN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 85
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/28/2011 6:28:53 PM | Computer Name = GWEN | Source = Service Control Manager | ID = 7000
Description = The DVC 150B service failed to start due to the following error: %%1058

Error - 7/28/2011 6:47:23 PM | Computer Name = GWEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 7/28/2011 8:15:38 PM | Computer Name = GWEN | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 7/29/2011 1:15:53 AM | Computer Name = GWEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 7/29/2011 1:15:54 AM | Computer Name = GWEN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack
1 Redistributable Package (KB2538243).

Error - 7/29/2011 9:14:26 AM | Computer Name = GWEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 7/29/2011 9:14:27 AM | Computer Name = GWEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 7/29/2011 9:14:43 AM | Computer Name = GWEN | Source = Service Control Manager | ID = 7000
Description = The DVC 150B service failed to start due to the following error: %%1058

Error - 7/29/2011 9:17:26 AM | Computer Name = GWEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 7/29/2011 2:23:39 PM | Computer Name = GWEN | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}


< End of report >

Attached Files

  • Attached File  OTL2.Txt   220.56KB   0 downloads


#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:51 AM

Posted 29 July 2011 - 07:13 PM

Hi sykomac,




Uninstall Spybot - Search & Destroy via Add/Remove Programs for temporarily, it may interfere with our fix during the clean process. Then install the latest java from this thread . After that, please proceed the following:


Step1

  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.

    :OTL
    PRC - [2011/06/01 16:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] File not found
    O4 - HKU\S-1-5-18..\Run: [Symantec NetDriver Warning] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\My Little Pony Registration.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
    O15 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\datamngr.dll) - c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) - c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    [2011/07/10 08:28:04 | 003,017,853 | ---- | M] (Bandoo Media Inc. ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe
    [2011/07/27 09:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchquband
    [2011/07/27 09:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchqutoolbar
    [2011/07/28 17:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\searchquband
    [2011/07/28 17:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\searchqutoolbar
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    
    :Files
    C:\Program Files\Windows iLivid Toolbar
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.


Step2

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step3

  • Go here to run an online scannner from ESET and Save the file to your Desktop.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic and also let me know how things are now.


In your next reply, please post back:

1.OTL delete log
2.Eset Online Scanner Report

Let me know if you have any remaining issues on your pc.

Edited by sundavis, 30 July 2011 - 12:02 AM.


#7 sykomac

sykomac
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 29 July 2011 - 10:46 PM

Well, I was not able to update to the latest Java. I got an error about Windows Installer. Either it could not be started or was installed incorrectly. Not sure of the exact wording at the moment.

Anyway, I went ahead and ran OTL. It is currently still "Resetting HOSTS file". It has been on that for over 2 hours so far.

Should it be "Resetting HOSTS file" for that long? Should I let it run? If it is stuck, is it safe to force restart the computer?

Thanks,
Paul

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:51 AM

Posted 29 July 2011 - 11:28 PM

Hi sykomac,



I got an error about Windows Installer...

Please check this this thread . Hope that helps

It is currently still "Resetting HOSTS file..

Press Ctrl+Alt+Del and Windows Task Manager should prompt. On Applciation tap, please click on OTL and press End task. Please uninstall "iLivid" and "Windows iLivid Toolbar" (if still present) via Add/Remove Programs before proceeding the following:


Step1


  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.

    :OTL
    PRC - [2011/06/01 16:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] File not found
    O4 - HKU\S-1-5-18..\Run: [Symantec NetDriver Warning] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\My Little Pony Registration.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
    O15 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1708537768-842925246-725345543-1005\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\datamngr.dll) - c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) - c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    [2011/07/10 08:28:04 | 003,017,853 | ---- | M] (Bandoo Media Inc. ) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe
    [2011/07/27 09:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchquband
    [2011/07/27 09:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchqutoolbar
    [2011/07/28 17:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\searchquband
    [2011/07/28 17:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\searchqutoolbar
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe"=-
    
    :Files
    C:\Program Files\Windows iLivid Toolbar
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.

Edited by sundavis, 30 July 2011 - 12:33 AM.


#9 sykomac

sykomac
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 30 July 2011 - 06:25 AM

Ok, so I got Java installed.

I ran OTL and the log is pasted below.

I think the first time I ran OTL it took care of a lot of stuff because I see a lot of "NOT FOUND" in this new log.

Let me know.

Thanks,
Paul


All processes killed
========== OTL ==========
No active process named datamngrUI.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1708537768-842925246-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1708537768-842925246-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec NetDriver Warning not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec NetDriver Warning not found.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\My Little Pony Registration.lnk scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk scheduled to be moved on reboot.
Registry key HKEY_USERS\S-1-5-21-1708537768-842925246-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Registry value HKEY_USERS\S-1-5-21-1708537768-842925246-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\datamngr.dll deleted successfully.
File c:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\wi371a~1\datamngr\iebho.dll deleted successfully.
File c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
File C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe not found.
Folder C:\Documents and Settings\Owner\Application Data\searchquband\ not found.
Folder C:\Documents and Settings\Owner\Application Data\searchqutoolbar\ not found.
Folder C:\Documents and Settings\Paul\Application Data\searchquband\ not found.
Folder C:\Documents and Settings\Paul\Application Data\searchqutoolbar\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe not found.
========== FILES ==========
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows iLivid Toolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gwen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Juliana
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34674 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Paul
->Temp folder emptied: 31315584 bytes
->Temporary Internet Files folder emptied: 14582532 bytes
->Flash cache emptied: 677 bytes

User: RawShooter essentials 2005 1.0

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 270940 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 100198056 bytes

Total Files Cleaned = 140.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: Gwen
->Flash cache emptied: 0 bytes

User: Juliana
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: Owner
->Flash cache emptied: 0 bytes

User: Paul
->Flash cache emptied: 0 bytes

User: RawShooter essentials 2005 1.0

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07302011_071815

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk not found!
File\Folder C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\My Little Pony Registration.lnk not found!
File\Folder C:\Documents and Settings\Juliana\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DF36C4.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DF36E4.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DF4DD9.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DF4DF9.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DF4E48.tmp not found!
File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\~DF4E68.tmp not found!
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\HEWEFT01\page__pid__2352685[1].htm moved successfully.
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:51 AM

Posted 30 July 2011 - 08:14 AM

Hi sykomac,


I see a lot of "NOT FOUND" in this new log...

That's normal. Since Windows iLivid toolBar has been removed, those entries should be gone. We deliberately deploy those entries in OTL fix to ensure all malicious entries should be terminated once and for all. :thumbup2:

Please post Eset Online Scanner Report when you're ready and advise me how your pc is running now.

#11 sykomac

sykomac
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 30 July 2011 - 08:31 PM

PC is running good now.

ESET report is below.

Thank you for all the help you have given to me.



C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\RECYCLER\S-1-5-21-1708537768-842925246-725345543-1004\Dc25.exe a variant of Win32/Adware.Toolbar.Shopper.AA application deleted - quarantined
C:\RECYCLER\S-1-5-21-1708537768-842925246-725345543-1004\Dc26.exe a variant of Win32/Adware.Toolbar.Shopper.AA application deleted - quarantined
C:\System Volume Information\_restore{F20CB433-7137-4CA7-A3B5-279EAE907308}\RP2263\A0376307.dll probably a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F20CB433-7137-4CA7-A3B5-279EAE907308}\RP2275\A0378286.EXE Win32/Adware.WBug.A application deleted - quarantined
C:\System Volume Information\_restore{F20CB433-7137-4CA7-A3B5-279EAE907308}\RP2275\A0378287.exe a variant of Win32/Adware.Toolbar.Shopper.AA application deleted - quarantined
C:\System Volume Information\_restore{F20CB433-7137-4CA7-A3B5-279EAE907308}\RP2275\A0378288.exe a variant of Win32/Adware.Toolbar.Shopper.AA application deleted - quarantined

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:51 AM

Posted 30 July 2011 - 09:10 PM

Hi sykomac,




All your problems go to adware toolbar, and now you're clear of malware. :thumbsup: If you have no remaining issues on your pc, lets do some tidy up and you should be good to go.


Step1

  • Start OTL from your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.
    :Commands
    [CLEARALLRESTOREPOINTS]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    
  • Click Run Fix button on the top. After reboot, please do the following:
  • Double click OTL and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • Backup your valid registry -ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore if needed. Due to malware affects, a corrupt registry can prevent a system from booting. You're well advised to backup your valid registry while the system is clean now. For more info: Here and Here .


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!

#13 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:51 AM

Posted 01 August 2011 - 09:26 PM

Since this issue appears resolved ... this Topic is closed. Glad to have helped. Everyone else please begin a New Topic.

Edited by sundavis, 01 August 2011 - 09:27 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users