Solved Win32/zbot.g virus on computer - can't update Windows


rockyrob

Hi.

I've been working my computer scanning software for the past 2 days to try and remove the zbot.g virus from my computer.

It started after having Google re-direct my clicked web pages, then within minutes I could not access any spyware/AV software apart from Malwarebytes Anti-Malware, which found some issues, and that gave me access to run the other spyware/AV programmes.

AVG picked up some 2000+ infections all around my computer.
I cleaned it out using CCleaner and I lost a lot of software in the process (all re-loaded again though).
I have run the ESET scanner, which picked up just a handful of issues, but that was all cleared.
I downloaded the Windows Safety Scanner and let it run this morning and it picked up some 4400+ infections, but the majority were within the c:\System Volume Information\_restore folder.

I've re-run it again and it seems to be clear (for now).

Now the Windows icon pops up on the taskbar saying that Automatic Updates is turned off. Going into the Control Panel, it says that Automatic Updates is actually switched on.
I've tried running Windows Update manually (finding it on the Microsoft website) but it comes up with the Error number: 0x80070424.

I am also getting "can't find '?square icon' in the registry" when I start up the computer.



Here are my logs as requested.


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7377

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/08/2011 18:37:38
mbam-log-2011-08-04 (18-37-38).txt

Scan type: Quick scan
Objects scanned: 196090
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-04 19:33:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332063 rev.3.AD
Running: y0ud715w.exe; Driver: C:\DOCUME~1\Robin\LOCALS~1\Temp\pxtdypod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
My computer shut itself down on the first attempt of this programme.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Robin at 19:55:44 on 2011-08-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.450 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\robin\local settings\application data\ygpafppq\hmempsyh.exe,
uWindows: load=?
uWindows: Run=?
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\robin\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\robin\startm~1\programs\access~1\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193693666062
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193693595625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2009-8-5 8576]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-8 54752]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-1-12 13696]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-1-12 13568]
R3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [2006-10-25 41600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-13 1025352]
S3 DellBIOS;DellBIOS;\??\c:\docume~1\robin\locals~1\temp\dellbios.sys --> c:\docume~1\robin\locals~1\temp\DellBIOS.Sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-22 135664]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2005-3-4 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [2005-3-4 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [2005-3-4 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [2005-3-4 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [2005-3-4 77072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-9 41272]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2010-12-7 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2010-12-7 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2010-12-7 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2010-12-7 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2010-12-7 98568]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-08-04 16:00:54 -------- d-----w- c:\windows\system32\MpEngineStore
2011-08-03 17:16:16 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-08-03 16:15:42 -------- d-----w- c:\documents and settings\robin\local settings\application data\WinZip
2011-08-03 11:05:14 -------- d-----w- c:\program files\ESET
2011-08-03 10:06:23 -------- dc-h--w- c:\windows\ie8
2011-08-02 21:05:50 -------- d-----w- c:\program files\ATI
2011-08-02 21:04:18 -------- d-----w- C:\ATI
2011-08-02 19:56:14 -------- d-----w- c:\documents and settings\robin\local settings\application data\Sun
2011-08-02 16:42:46 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2011-08-02 16:42:45 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-08-02 16:42:45 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-08-02 16:42:45 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-08-02 16:14:56 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-08-02 16:14:56 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-08-02 16:14:56 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-08-02 16:14:56 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-08-02 15:56:09 -------- d-----w- c:\documents and settings\all users\Uniblue
2011-08-02 15:53:03 -------- d-----w- c:\documents and settings\robin\local settings\application data\OpenCandy
2011-08-02 15:52:04 -------- d-----w- c:\documents and settings\robin\application data\OpenCandy
2011-08-02 14:17:00 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-08-02 14:05:17 611224 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-02 14:05:14 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-02 13:36:52 -------- d-----w- c:\documents and settings\robin\local settings\application data\uTorrent
2011-08-02 13:16:50 -------- d-----w- c:\program files\FileHippo.com
2011-08-01 14:21:11 -------- d-----w- c:\documents and settings\robin\local settings\application data\ygpafppq
2011-07-25 08:56:52 -------- d-----w- c:\program files\BBC iPlayer Desktop
2011-07-22 20:56:26 -------- d-----w- c:\documents and settings\robin\application data\uTorrent
2011-07-11 10:13:20 3727360 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-07-08 15:34:00 -------- d-----w- c:\documents and settings\robin\application data\Wiva
2011-07-08 15:34:00 -------- d-----w- c:\documents and settings\robin\application data\Alnyox
.
==================== Find3M ====================
.
2011-08-02 14:16:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-02 14:16:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-02 14:04:36 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-22 18:50:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-11-06 10:55:58 748344 ----a-w- c:\program files\Filemon.exe
.
============= FINISH: 19:56:49.70 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 25/10/2006 19:54:07
System Uptime: 04/08/2011 19:51:48 (0 hours ago)
.
Motherboard: Dell Inc. | | 0WG855
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Microprocessor | 2127/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 105.012 GiB free.
D: is FIXED (NTFS) - 74 GiB total, 11.849 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6500c
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6500c
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP899: 06/05/2011 16:26:01 - System Checkpoint
RP900: 07/05/2011 16:27:28 - System Checkpoint
RP901: 08/05/2011 16:52:40 - System Checkpoint
RP902: 08/05/2011 20:19:39 - Software Distribution Service 3.0
RP903: 09/05/2011 20:21:54 - Installed Lyrics Plugin for Windows Media Player
RP904: 10/05/2011 20:38:32 - System Checkpoint
RP905: 11/05/2011 21:00:24 - Software Distribution Service 3.0
RP906: 13/05/2011 20:07:47 - System Checkpoint
RP907: 15/05/2011 11:48:06 - System Checkpoint
RP908: 16/05/2011 17:07:13 - System Checkpoint
RP909: 17/05/2011 17:37:04 - System Checkpoint
RP910: 19/05/2011 12:26:17 - System Checkpoint
RP911: 20/05/2011 20:16:28 - Installed Google SketchUp 8
RP912: 20/05/2011 20:24:36 - Installed AVG 2011
RP913: 20/05/2011 20:32:34 - Removed AVG 2011
RP914: 21/05/2011 20:57:23 - System Checkpoint
RP915: 25/05/2011 19:28:17 - System Checkpoint
RP916: 26/05/2011 19:49:46 - System Checkpoint
RP917: 28/05/2011 18:07:15 - System Checkpoint
RP918: 29/05/2011 18:16:44 - System Checkpoint
RP919: 06/06/2011 11:35:27 - System Checkpoint
RP920: 07/06/2011 12:54:52 - System Checkpoint
RP921: 08/06/2011 16:37:14 - System Checkpoint
RP922: 09/06/2011 17:02:27 - System Checkpoint
RP923: 10/06/2011 20:34:10 - System Checkpoint
RP924: 12/06/2011 18:56:11 - System Checkpoint
RP925: 13/06/2011 19:32:03 - System Checkpoint
RP926: 14/06/2011 20:44:54 - Software Distribution Service 3.0
RP927: 14/06/2011 21:01:45 - Software Distribution Service 3.0
RP928: 15/06/2011 00:23:39 - Software Distribution Service 3.0
RP929: 21/06/2011 21:12:59 - Logitech Webcam Software v12.10.1110
RP930: 23/06/2011 12:27:43 - System Checkpoint
RP931: 24/06/2011 12:48:44 - System Checkpoint
RP932: 25/06/2011 19:36:35 - System Checkpoint
RP933: 26/06/2011 19:47:35 - System Checkpoint
RP934: 27/06/2011 20:08:51 - System Checkpoint
RP935: 02/07/2011 12:39:24 - System Checkpoint
RP936: 04/07/2011 12:27:09 - System Checkpoint
RP937: 06/07/2011 16:45:33 - System Checkpoint
RP938: 07/07/2011 17:23:55 - System Checkpoint
RP939: 08/07/2011 17:38:04 - System Checkpoint
RP940: 11/07/2011 09:41:37 - System Checkpoint
RP941: 12/07/2011 19:24:15 - System Checkpoint
RP942: 13/07/2011 20:14:10 - System Checkpoint
RP943: 15/07/2011 13:17:00 - System Checkpoint
RP944: 18/07/2011 18:26:45 - System Checkpoint
RP945: 21/07/2011 10:01:36 - System Checkpoint
RP946: 22/07/2011 19:08:16 - System Checkpoint
RP947: 23/07/2011 19:29:25 - System Checkpoint
RP948: 24/07/2011 20:22:34 - System Checkpoint
RP949: 26/07/2011 12:23:30 - System Checkpoint
RP950: 27/07/2011 17:55:58 - System Checkpoint
RP951: 29/07/2011 12:32:45 - System Checkpoint
RP952: 30/07/2011 21:16:22 - System Checkpoint
RP953: 31/07/2011 21:56:56 - System Checkpoint
RP954: 02/08/2011 11:38:07 - System Checkpoint
RP955: 02/08/2011 15:04:31 - Installed Java(TM) 7
RP956: 02/08/2011 16:49:55 - Installed WinZip 15.5
RP957: 02/08/2011 17:18:28 - Removed Creative Audio Creation Mode console
RP958: 02/08/2011 17:18:39 - Configured Engine Installer
RP959: 02/08/2011 17:18:53 - Installed Creative Audio Creation Mode console
RP960: 02/08/2011 17:19:27 - Removed Creative Console Launcher Component
RP961: 02/08/2011 17:19:39 - Configured Engine Installer
RP962: 02/08/2011 17:19:53 - Installed Creative Console Launcher Component
RP963: 02/08/2011 17:20:32 - Removed Creative Audio Device Selection
RP964: 02/08/2011 17:20:42 - Installed Creative Audio Device Selection
RP965: 02/08/2011 17:20:59 - Installed Engine Installer
RP966: 02/08/2011 17:21:18 - Installed Engine Installer
RP967: 02/08/2011 17:21:52 - Removed Creative Entertainment Mode console
RP968: 02/08/2011 17:22:10 - Installed Creative Entertainment Mode console
RP969: 02/08/2011 17:22:29 - Removed Creative Console Launcher Component
RP970: 02/08/2011 17:22:36 - Configured Engine Installer
RP971: 02/08/2011 17:22:45 - Installed Creative Console Launcher Component
RP972: 02/08/2011 17:23:20 - Removed Creative Audio Device Selection
RP973: 02/08/2011 17:23:32 - Installed Creative Audio Device Selection
RP974: 02/08/2011 17:23:43 - Installed Engine Installer
RP975: 02/08/2011 17:24:03 - Removed Creative Game Mode console
RP976: 02/08/2011 17:24:11 - Installed Creative Game Mode console
RP977: 02/08/2011 17:24:27 - Removed Creative Console Launcher Component
RP978: 02/08/2011 17:24:34 - Configured Engine Installer
RP979: 02/08/2011 17:24:44 - Installed Creative Console Launcher Component
RP980: 02/08/2011 17:25:18 - Removed Creative Audio Device Selection
RP981: 02/08/2011 17:25:28 - Installed Creative Audio Device Selection
RP982: 02/08/2011 17:25:38 - Installed Engine Installer
RP983: 02/08/2011 17:25:58 - Removed Mode Switcher
RP984: 02/08/2011 17:26:06 - Configured Engine Installer
RP985: 02/08/2011 17:26:19 - Installed Mode Switcher
RP986: 02/08/2011 17:26:29 - Removed Creative Audio Device Selection
RP987: 02/08/2011 17:26:36 - Installed Creative Audio Device Selection
RP988: 02/08/2011 17:26:46 - Installed Engine Installer
RP989: 02/08/2011 17:26:59 - Removed Creative Audio Console
RP990: 02/08/2011 17:27:08 - Installed Creative Audio Console
RP991: 02/08/2011 17:27:21 - Removed Creative 3DMIDI Player
RP992: 02/08/2011 17:27:33 - Installed Creative 3DMIDI Player
RP993: 02/08/2011 17:28:15 - Removed Creative Diagnostics 4
RP994: 02/08/2011 17:28:22 - Installed Creative Diagnostics 4
RP995: 02/08/2011 17:28:39 - Removed Creative MediaSource DVD-Audio Player
RP996: 02/08/2011 17:28:50 - Configured Engine Installer
RP997: 02/08/2011 17:28:59 - Installed Creative MediaSource DVD-Audio Player
RP998: 02/08/2011 17:29:18 - Installed Engine Installer
RP999: 02/08/2011 17:29:38 - Removed Creative Speaker Connection Wizard
RP1000: 02/08/2011 17:29:46 - Installed Creative Speaker Connection Wizard
RP1001: 02/08/2011 17:29:58 - Removed THX Setup Console
RP1002: 02/08/2011 17:30:15 - Installed THX Setup Console
RP1003: 02/08/2011 17:30:27 - Removed SoundFont Bank Manager
RP1004: 02/08/2011 17:30:35 - Installed SoundFont Bank Manager
RP1005: 02/08/2011 17:30:46 - Removed Creative Karaoke Player
RP1006: 02/08/2011 17:30:52 - Configured Engine Installer
RP1007: 02/08/2011 17:31:00 - Installed Creative Karaoke Player
RP1008: 02/08/2011 17:32:10 - Removed Creative Audio Device Selection
RP1009: 02/08/2011 17:32:37 - Installed Creative Audio Device Selection
RP1010: 02/08/2011 17:33:01 - Installed Engine Installer
RP1011: 02/08/2011 17:33:55 - Removed Creative Smart Recorder
RP1012: 02/08/2011 17:34:02 - Configured Engine Installer
RP1013: 02/08/2011 17:34:14 - Installed Creative Smart Recorder
RP1014: 02/08/2011 17:34:43 - Installed Engine Installer
RP1015: 02/08/2011 17:35:09 - Removed Creative Vienna SoundFont Studio
RP1016: 02/08/2011 17:35:17 - Installed Creative Vienna SoundFont Studio
RP1017: 02/08/2011 17:35:33 - Removed Creative Volume Panel
RP1018: 02/08/2011 17:35:40 - Configured Engine Installer
RP1019: 02/08/2011 17:35:48 - Installed Creative Volume Panel
RP1020: 02/08/2011 17:35:58 - Removed Creative Audio Device Selection
RP1021: 02/08/2011 17:36:05 - Installed Creative Audio Device Selection
RP1022: 02/08/2011 17:36:14 - Installed Engine Installer
RP1023: 02/08/2011 17:36:27 - Removed Creative WaveStudio
RP1024: 02/08/2011 17:36:45 - Installed Creative WaveStudio
RP1025: 02/08/2011 17:36:58 - Removed X-Fi Splash
RP1026: 02/08/2011 17:37:04 - Configured Engine Installer
RP1027: 02/08/2011 17:37:14 - Installed X-Fi Splash
RP1028: 02/08/2011 17:37:52 - Installed Engine Installer
RP1029: 02/08/2011 17:38:12 - Removed On Screen Display
RP1030: 02/08/2011 17:38:20 - Installed On Screen Display
RP1031: 02/08/2011 17:43:05 - Configured Sound Blaster X-Fi
RP1032: 02/08/2011 22:03:06 - Installed Engine Installer
RP1033: 02/08/2011 22:04:18 - Installed Creative MediaSource
RP1034: 02/08/2011 22:05:59 - Installed Creative MediaSource Detector
RP1035: 02/08/2011 22:06:16 - Installed Creative MediaSource Player Skin Pack
RP1036: 02/08/2011 22:06:58 - Installed Creative Music Store Plugin
RP1037: 02/08/2011 22:07:32 - Installed Creative MediaSource
RP1038: 02/08/2011 22:08:01 - Configured Engine Installer
RP1039: 02/08/2011 22:08:08 - Installed Creative Music Store Plugin
RP1040: 03/08/2011 10:27:20 - Installed Windows Media Player 11
RP1041: 03/08/2011 10:32:25 - Installed Windows XP MSCompPackV1.
RP1042: 03/08/2011 11:07:03 - Installed Windows Internet Explorer 8.
RP1043: 03/08/2011 11:46:48 - Installed Microsoft Fix it 50686
RP1044: 03/08/2011 12:00:53 - Installed Microsoft Fix it 50362
.
==== Installed Programs ======================
.
.
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advertising Center
Apple Application Support
Apple Software Update
ARTEuro
ATI Catalyst Control Center
ATI Catalyst Install Manager
ATI Display Driver
ATI Parental Control & Encoder
AVerMedia DVB-T BDA Video Capture(A800)
AVerTV 6.0
AVG 2011
AVG PC Tuneup 2011
BBC iPlayer Desktop
CapMan
CCleaner
Citrix XenApp Web Plugin
Click to Call with Skype
Creative MediaSource
Creative MediaSource 5
Date Cracker 2000
Dell CinePlayer
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Network Assistant
Dell Support Center
Dell System Restore
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DolbyFiles
DVD Flick
ESET Online Scanner v3
FileHippo.com Update Checker
Foxit Reader 5.0
GemMaster Mystic
Google Chrome
Google Earth Plug-in
Google SketchUp 8
Google Update Helper
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
ieSpell
Image Resizer Powertoy for Windows XP
ImgBurn
Intel(R) PRO Network Connections
Intel® Matrix Storage Manager
InterVideo DeviceService
Java Auto Updater
Java(TM) 6 Update 15
Java(TM) 7
Junk Mail filter update
K-Lite Codec Pack 5.3.0 (Standard)
Logitech Webcam Software
Logitech Webcam Software Driver Package
Lyrics Plugin for Windows Media Player
Macromedia Flash Player
Malwarebytes' Anti-Malware version 1.51.1.1800
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows XP Video Decoder Checkup Utility
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero ControlCenter
Nero Installer
Nokia Connectivity Cable Driver
Nokia PC Suite
OBD-DIAG V1.01.02
PC Connectivity Solution
Photo DVD Maker Professional 7.78
Photo Story 3 for Windows
Power MP3 Recorder Cutter, (ver 5.0)
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody Player Engine
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Roxio Update Manager
Seagate Dashboard
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Segoe UI
Skype™ 5.5
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sound Blaster X-Fi
Spybot - Search & Destroy
SpywareGuard v2.2
Sweet Home 3D
Tweak UI
Ulead VideoStudio 11
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB2467659)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.4053
VideoEgg Publisher
VideoStudio
VLC media player 1.1.5
WavePad Sound Editor
WebFldrs XP
Winamp
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Media Center Edition 2005 KB2502898
Windows XP Service Pack 3
WinZip 15.5
XML Paper Specification Shared Components Pack 1.0
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi. Thanks for your assistance.

Logs:


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-05 09:16:53
-----------------------------
09:16:53.250 OS Version: Windows 5.1.2600 Service Pack 3
09:16:53.250 Number of processors: 2 586 0xF06
09:16:53.250 ComputerName: FAMILY UserName: Robin
09:16:54.593 Initialize success
09:17:17.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:17:17.484 Disk 0 Vendor: ST332063 3.AD Size: 305245MB BusType: 8
09:17:17.500 Disk 0 MBR read successfully
09:17:17.500 Disk 0 MBR scan
09:17:17.500 Disk 0 unknown MBR code
09:17:17.500 Disk 0 scanning sectors +625137345
09:17:17.562 Disk 0 scanning C:\WINDOWS\system32\drivers
09:17:32.171 Service scanning
09:17:33.406 Modules scanning
09:17:38.000 Disk 0 trace - called modules:
09:17:38.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
09:17:38.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f84030]
09:17:38.031 3 CLASSPNP.SYS[f7544fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86f54028]
09:17:38.031 Scan finished successfully
09:22:03.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robin\Desktop\MBR.dat"
09:22:03.437 The log file has been saved successfully to "C:\Documents and Settings\Robin\Desktop\aswMBR.txt"
 
ComboFix 11-08-05.01 - Robin 05/08/2011 9:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.475 [GMT 1:00]
Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Robin\Application Data\alot
c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}
c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}\chrome.manifest
c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}\chrome\content\_cfg.js
c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}\chrome\content\overlay.xul
c:\documents and settings\Robin\Local Settings\Application Data\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}\install.rdf
c:\documents and settings\Robin\Start Menu\Internet Explorer.lnk
c:\documents and settings\Robin\WINDOWS
c:\windows\PCGWIN32.LI5
c:\windows\setup.exe
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP061 .MRK
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-04 16:00 . 2011-08-04 16:32 -------- d-----w- c:\windows\system32\MpEngineStore
2011-08-03 16:15 . 2011-08-03 16:15 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\WinZip
2011-08-03 11:05 . 2011-08-03 11:05 -------- d-----w- c:\program files\ESET
2011-08-03 10:06 . 2011-08-03 10:07 -------- dc-h--w- c:\windows\ie8
2011-08-02 21:05 . 2011-08-02 21:05 -------- d-----w- c:\program files\ATI
2011-08-02 21:04 . 2011-08-02 21:04 -------- d-----w- C:\ATI
2011-08-02 19:56 . 2011-08-02 19:56 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\Sun
2011-08-02 16:42 . 2001-09-05 02:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-08-02 16:42 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-02 16:42 . 2001-09-05 02:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-02 16:42 . 2001-09-05 02:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-02 16:14 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-08-02 16:14 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-08-02 16:14 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-08-02 16:14 . 2003-11-10 17:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-02 15:56 . 2011-08-02 15:56 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-08-02 15:53 . 2011-08-03 08:44 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\OpenCandy
2011-08-02 15:52 . 2011-08-02 15:52 -------- d-----w- c:\documents and settings\Robin\Application Data\OpenCandy
2011-08-02 15:50 . 2011-08-02 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-08-02 14:17 . 2011-08-02 14:17 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-08-02 14:06 . 2011-08-02 14:06 -------- d-----w- c:\program files\Common Files\Java
2011-08-02 14:05 . 2011-08-02 14:04 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-02 14:05 . 2011-08-02 14:04 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-02 13:36 . 2011-08-02 13:36 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\uTorrent
2011-08-02 13:16 . 2011-08-02 13:16 -------- d-----w- c:\program files\FileHippo.com
2011-08-01 14:21 . 2011-08-02 10:08 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq
2011-07-28 21:48 . 2011-07-28 21:48 -------- d-----w- c:\program files\Apple Software Update
2011-07-25 08:56 . 2011-08-02 11:16 -------- d-----w- c:\program files\BBC iPlayer Desktop
2011-07-22 20:56 . 2011-08-02 15:31 -------- d-----w- c:\documents and settings\Robin\Application Data\uTorrent
2011-07-11 10:13 . 2011-07-11 10:13 3727360 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-07-08 15:34 . 2011-07-08 20:45 -------- d-----w- c:\documents and settings\Robin\Application Data\Wiva
2011-07-08 15:34 . 2011-07-08 15:34 -------- d-----w- c:\documents and settings\Robin\Application Data\Alnyox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 14:16 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-02 14:16 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-02 14:04 . 2007-11-12 17:53 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-06 18:52 . 2010-12-09 20:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2010-12-09 20:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-22 18:50 . 2011-06-22 18:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-11-06 10:55 . 2008-10-15 19:08 748344 ----a-w- c:\program files\Filemon.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-08-02 273544]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Robin\Start Menu\Programs\Accessories\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^Robin^Start Menu^Programs^Accessories^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Robin\Start Menu\Programs\Accessories\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 16:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-12-12 10:46 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-12-12 09:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 04:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2008-10-24 08:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-21 18:22 17357448 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"Norton Ghost"=2 (0x2)
"MyWebSearchService"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"ImapiService"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"CCALib8"=2 (0x2)
"Autodata Limited License Service"=2 (0x2)
"SeagateDashboardService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"fsssvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"Capture Device Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1168812342\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:*Disabled:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:*Disabled:SingleClick ICC
"3389:TCP"= 3389:TCP:*Disabled:@xpsp2res.dll,-22009
.
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [05/08/2009 09:38 8576]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 22:27 13696]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 22:29 13568]
R3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [25/10/2006 20:21 41600]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2010 22:04 135664]
S3 DellBIOS;DellBIOS;\??\c:\docume~1\Robin\LOCALS~1\Temp\DellBIOS.Sys --> c:\docume~1\Robin\LOCALS~1\Temp\DellBIOS.Sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2010 22:04 135664]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [04/03/2005 20:08 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [04/03/2005 20:11 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [04/03/2005 20:11 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [04/03/2005 20:13 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [04/03/2005 20:15 77072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [09/12/2010 21:06 41272]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [07/12/2010 22:58 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [07/12/2010 22:58 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [07/12/2010 22:58 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [07/12/2010 22:58 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [07/12/2010 22:58 98568]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [30/04/2010 15:47 14088]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 21:04]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 21:04]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005Core.job
- c:\documents and settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 18:22]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005UA.job
- c:\documents and settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 18:22]
.
2011-08-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-08-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-08-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2011-08-05 c:\windows\Tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uSearchAssistant = hxxp://www.google.com/ie
TCP: DhcpNameServer = 192.168.0.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-HmeMpsyh - c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq\hmempsyh.exe
MSConfigStartUp-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
MSConfigStartUp-Izelobesi - c:\windows\linwlus.dll
MSConfigStartUp-jnlxejji - c:\docume~1\Robin\LOCALS~1\Temp\wrfaaprdt\wtxhvcmaffm.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
AddRemove-InstallShield_{AC97FBCD-448B-416C-A720-EBDEC9EF6340} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9} - c:\program files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe
AddRemove-InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-05 10:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6764)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\system32\msiexec.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2011-08-05 10:14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-05 09:14
.
Pre-Run: 114,477,756,416 bytes free
Post-Run: 114,819,366,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A49136B986447EBE654495A775AA3607
 
How is the computer doing?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\documents and settings\All Users\Uniblue
c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq


DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:43902

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
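
A way to confirm from the resulting log that the script above took effect, as an added example that is not part of the original post and is not ComboFix's own tooling: it parses the CFScript directives, splits the log on its banner lines, and checks that every Folder:: target is listed under Other Deletions and is no longer referenced anywhere else in the log. The function names are hypothetical, and the embedded samples are excerpts of lines shown on this page.

```python
import re

# Sample input: the CFScript from the post above, embedded so this runs offline.
CFSCRIPT = r"""Folder::
c:\documents and settings\All Users\Uniblue
c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:43902

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=-
"""

# Sample input: a short excerpt of the ComboFix log posted later in this thread.
LOG = r"""ComboFix 11-08-05.01 - Robin 06/08/2011 11:25:54.2.2 - x86
Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robin\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Uniblue
c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
2011-08-04 16:00 . 2011-08-04 16:32 -------- d-----w- c:\windows\system32\MpEngineStore
"""

DIRECTIVE = re.compile(r"^([A-Za-z0-9]+)::$")           # e.g. "Folder::"
BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")       # e.g. "((((( Other Deletions )))))"


def parse_cfscript(text):
    """Split a CFScript into {directive name: [its non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def log_sections(text):
    """Split a log into {banner title: [lines]}; the header is stored under ''."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # '.' lines are only spacing
            continue
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def norm(path):
    """Case-insensitive comparison form of a Windows path."""
    return path.strip().rstrip("\\").lower()


def verify_run(cfscript_text, log_text):
    """Compare what the script asked for with what the log reports."""
    script = parse_cfscript(cfscript_text)
    log = log_sections(log_text)
    switches = [l.split("::", 1)[1].strip() for l in log[""]
                if l.lower().startswith("command switches used")]
    deleted = {norm(p) for p in log.get("Other Deletions", [])}
    targets = script.get("Folder", [])
    # Long path names only: 8.3 short forms (docume~1) are not expanded here.
    prefixes = [norm(p) + "\\" for p in targets]
    lingering = [l for title, lines in log.items() if title != "Other Deletions"
                 for l in lines if any(p in l.lower() for p in prefixes)]
    return {
        "script_loaded": any(s.lower().endswith("cfscript.txt") for s in switches),
        "missing": [p for p in targets if norm(p) not in deleted],
        "lingering": lingering,
    }


if __name__ == "__main__":
    print(verify_run(CFSCRIPT, LOG))
```

An empty `missing` and `lingering` with `script_loaded` true means the log accounts for every folder the script named; anything else is worth raising before the next step.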
 
My computer looks as though everything is back working again.

Now the problem: I ran ComboFix as requested but I closed the LOG file by accident before I managed to save it.
The computer has been re-booted since as I had to re-load AVG back on the system.
I've done a system search but can't find the log file anywhere.

Can I run ComboFix again? I didn't want to after all the warnings against the programme.

Again, much appreciated for your service. :)
 
I've just had AVG Resident Shield pop up with the Zbot.G virus again in the c:\System Volume Information\_restore directory.

I guess it's not left my computer just yet!
 
Good news :)

I've just had AVG Resident Shield pop up with the Zbot.G virus again in the c:\System Volume Information\_restore directory.
That's not a problem. It's in one of your restore points. We'll reset them a little bit later.
As long as you don't use system restore until we're done, that entry is not active.

Now, as for the ComboFix log, look here: C:\combofix.txt
 
ComboFix 11-08-05.01 - Robin 06/08/2011 11:25:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.487 [GMT 1:00]
Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Uniblue
c:\documents and settings\Robin\Local Settings\Application Data\ygpafppq
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-04 16:00 . 2011-08-04 16:32 -------- d-----w- c:\windows\system32\MpEngineStore
2011-08-03 16:15 . 2011-08-03 16:15 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\WinZip
2011-08-03 11:05 . 2011-08-03 11:05 -------- d-----w- c:\program files\ESET
2011-08-03 10:06 . 2011-08-03 10:07 -------- dc-h--w- c:\windows\ie8
2011-08-02 21:05 . 2011-08-02 21:05 -------- d-----w- c:\program files\ATI
2011-08-02 21:04 . 2011-08-02 21:04 -------- d-----w- C:\ATI
2011-08-02 19:56 . 2011-08-02 19:56 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\Sun
2011-08-02 16:42 . 2001-09-05 02:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-08-02 16:42 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-02 16:42 . 2001-09-05 02:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-02 16:42 . 2001-09-05 02:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-02 16:14 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-08-02 16:14 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-08-02 16:14 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-08-02 16:14 . 2003-11-10 17:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-02 15:53 . 2011-08-03 08:44 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\OpenCandy
2011-08-02 15:52 . 2011-08-02 15:52 -------- d-----w- c:\documents and settings\Robin\Application Data\OpenCandy
2011-08-02 15:50 . 2011-08-02 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2011-08-02 14:17 . 2011-08-02 14:17 105472 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-08-02 14:06 . 2011-08-02 14:06 -------- d-----w- c:\program files\Common Files\Java
2011-08-02 14:05 . 2011-08-02 14:04 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-02 14:05 . 2011-08-02 14:04 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-02 13:36 . 2011-08-02 13:36 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\uTorrent
2011-08-02 13:16 . 2011-08-02 13:16 -------- d-----w- c:\program files\FileHippo.com
2011-07-28 21:48 . 2011-07-28 21:48 -------- d-----w- c:\program files\Apple Software Update
2011-07-25 08:56 . 2011-08-02 11:16 -------- d-----w- c:\program files\BBC iPlayer Desktop
2011-07-22 20:56 . 2011-08-02 15:31 -------- d-----w- c:\documents and settings\Robin\Application Data\uTorrent
2011-07-11 10:13 . 2011-07-11 10:13 3727360 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-07-08 15:34 . 2011-07-08 20:45 -------- d-----w- c:\documents and settings\Robin\Application Data\Wiva
2011-07-08 15:34 . 2011-07-08 15:34 -------- d-----w- c:\documents and settings\Robin\Application Data\Alnyox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 14:16 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-02 14:16 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-08-02 14:04 . 2007-11-12 17:53 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-06 18:52 . 2010-12-09 20:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2010-12-09 20:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-22 18:50 . 2011-06-22 18:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2005-08-16 03:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2006-11-06 10:55 . 2008-10-15 19:08 748344 ----a-w- c:\program files\Filemon.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-05_09.06.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-08-16 03:18 . 2009-03-08 03:31 66560 c:\windows\system32\mshtmled.dll
+ 2005-08-16 03:18 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-13 18:54 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 18:54 . 2009-03-08 03:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2005-08-16 03:18 . 2011-04-25 16:11 43520 c:\windows\system32\licmgr10.dll
+ 2005-08-16 03:18 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
- 2005-08-16 03:18 . 2009-03-08 03:33 25600 c:\windows\system32\jsproxy.dll
- 2006-10-19 13:25 . 2009-03-08 03:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-10-19 13:25 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-01-12 10:51 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-01-12 10:51 . 2009-03-08 03:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 18:44 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-10-19 13:25 . 2009-03-08 03:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-10-19 13:25 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2005-08-16 03:18 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2005-08-16 03:18 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
- 2011-06-14 19:47 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\update\spcustom.dll
- 2011-06-14 19:47 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\spmsg.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 12800 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\xpshims.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 66560 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\mshtmled.dll
- 2011-06-14 19:48 . 2011-04-25 16:09 55296 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\msfeedsbs.dll
- 2011-06-14 19:48 . 2011-04-25 16:09 43520 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\licmgr10.dll
- 2011-06-14 19:48 . 2011-04-25 16:09 25600 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\jsproxy.dll
- 2011-06-14 19:47 . 2011-04-25 16:11 12800 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\xpshims.dll
- 2011-06-14 19:48 . 2011-04-25 16:11 66560 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\mshtmled.dll
- 2011-06-14 19:48 . 2011-04-25 16:11 55296 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\msfeedsbs.dll
- 2011-06-14 19:48 . 2011-04-25 16:11 43520 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\licmgr10.dll
- 2011-06-14 19:48 . 2011-04-25 16:11 25600 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\jsproxy.dll
- 2011-06-14 18:48 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\update\spcustom.dll
- 2011-06-14 18:48 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\spmsg.dll
+ 2009-09-01 05:20 . 2011-08-05 11:04 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-01 05:20 . 2011-08-05 11:04 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-09-01 05:20 . 2011-08-05 11:04 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-08-05 11:02 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2544521-IE8\spmsg.dll
+ 2011-08-05 11:02 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2544521-IE8\spcustom.dll
+ 2011-08-05 11:03 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB2530548-IE8\xpshims.dll
+ 2011-08-05 11:03 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2530548-IE8\spmsg.dll
+ 2011-08-05 11:03 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2530548-IE8\spcustom.dll
+ 2011-08-05 11:02 . 2009-03-08 03:31 66560 c:\windows\ie8updates\KB2530548-IE8\mshtmled.dll
+ 2011-08-05 11:02 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB2530548-IE8\msfeedsbs.dll
+ 2011-08-05 11:02 . 2009-03-08 03:34 43008 c:\windows\ie8updates\KB2530548-IE8\licmgr10.dll
+ 2011-08-05 11:02 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB2530548-IE8\jsproxy.dll
+ 2011-08-05 11:02 . 2010-07-05 13:15 17272 c:\windows\ie8updates\KB2510531-IE8\spmsg.dll
+ 2011-08-05 11:02 . 2010-07-05 13:15 26488 c:\windows\ie8updates\KB2510531-IE8\spcustom.dll
+ 2005-08-16 03:18 . 2011-04-26 11:07 293376 c:\windows\system32\winsrv.dll
- 2005-08-16 03:18 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2005-08-16 03:18 . 2011-04-25 16:11 916480 c:\windows\system32\wininet.dll
+ 2005-08-16 03:18 . 2011-03-04 06:37 420864 c:\windows\system32\vbscript.dll
+ 2005-08-16 03:18 . 2011-04-29 17:25 151552 c:\windows\system32\schannel.dll
+ 2005-08-16 03:18 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
- 2005-08-16 03:18 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll
+ 2005-08-16 03:18 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
+ 2007-08-13 18:54 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
- 2005-08-16 03:18 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll
+ 2005-08-16 03:18 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2005-08-16 03:18 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2005-08-16 03:18 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
+ 2005-08-16 03:18 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
- 2005-08-16 03:27 . 2011-04-20 07:54 328296 c:\windows\system32\FNTCACHE.DAT
+ 2005-08-16 03:27 . 2011-08-05 11:50 328296 c:\windows\system32\FNTCACHE.DAT
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-06-18 17:45 . 2011-04-26 11:07 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2006-10-19 13:25 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-09-18 14:15 . 2011-04-30 03:01 758784 c:\windows\system32\dllcache\vgx.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2008-12-05 06:54 . 2011-04-29 17:25 151552 c:\windows\system32\dllcache\schannel.dll
+ 2007-08-13 18:44 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-10-19 13:25 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
- 2006-10-19 13:25 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-01-12 10:51 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-19 13:25 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 18:39 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 18:39 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-06-14 19:47 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\update\updspapi.dll
- 2011-06-14 19:47 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\update\update.exe
- 2011-06-14 19:47 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\spuninst.exe
- 2011-06-14 19:47 . 2011-04-25 16:09 919552 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\wininet.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 206848 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\occache.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 611840 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\mstime.dll
- 2011-06-14 19:48 . 2011-04-25 16:09 602112 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\msfeeds.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 247808 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\ieproxy.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 184320 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\iepeers.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 743424 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\iedvtool.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 387584 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\iedkcs32.dll
- 2011-06-14 19:47 . 2011-04-25 11:37 173568 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\ie4uinit.exe
- 2011-06-14 19:47 . 2011-04-25 16:11 916480 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\wininet.dll
- 2011-06-14 19:47 . 2011-04-25 16:11 206848 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\occache.dll
- 2011-06-14 19:47 . 2011-04-25 16:11 611840 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\mstime.dll
- 2011-06-14 19:48 . 2011-04-25 16:11 602112 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\msfeeds.dll
- 2011-06-14 19:47 . 2011-04-25 16:11 247808 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\ieproxy.dll
- 2011-06-14 19:47 . 2011-04-25 16:11 184320 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\iepeers.dll
- 2011-06-14 19:47 . 2011-04-25 16:11 743424 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\iedvtool.dll
- 2011-06-14 19:47 . 2011-04-25 16:11 387584 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\iedkcs32.dll
- 2011-06-14 19:47 . 2011-04-25 12:01 173568 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\ie4uinit.exe
- 2011-06-14 18:48 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\update\updspapi.dll
- 2011-06-14 18:48 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\update\update.exe
- 2011-06-14 18:48 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\spuninst.exe
- 2011-06-14 18:48 . 2011-04-30 02:59 758784 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\SP3QFE\vgx.dll
- 2011-06-14 18:48 . 2011-04-30 03:01 758784 c:\windows\SoftwareDistribution\Download\85ef43cf285b550a459dd3afbad2f0b8\SP3GDR\vgx.dll
+ 2009-09-01 05:20 . 2011-08-05 11:04 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-09-01 05:20 . 2011-08-05 11:04 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-09-01 05:20 . 2011-08-05 11:04 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-09-01 05:20 . 2011-08-05 11:04 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-01 05:20 . 2011-08-05 11:04 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-01 05:20 . 2011-08-05 11:04 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-08-05 11:02 . 2009-03-08 03:33 759296 c:\windows\ie8updates\KB2544521-IE8\vgx.dll
+ 2011-08-05 11:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\updspapi.dll
+ 2011-08-05 11:02 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2544521-IE8\update.exe
+ 2011-08-05 11:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2544521-IE8\spuninst\updspapi.dll
+ 2011-08-05 11:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst\spuninst.exe
+ 2011-08-05 11:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2544521-IE8\spuninst.exe
+ 2011-08-05 11:02 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB2530548-IE8\wininet.dll
+ 2011-08-05 11:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\updspapi.dll
+ 2011-08-05 11:03 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2530548-IE8\update.exe
+ 2011-08-05 11:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2530548-IE8\spuninst\updspapi.dll
+ 2011-08-05 11:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst\spuninst.exe
+ 2011-08-05 11:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2530548-IE8\spuninst.exe
+ 2011-08-05 11:02 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB2530548-IE8\occache.dll
+ 2011-08-05 11:02 . 2009-03-08 03:32 611840 c:\windows\ie8updates\KB2530548-IE8\mstime.dll
+ 2011-08-05 11:02 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB2530548-IE8\msfeeds.dll
+ 2011-08-05 11:03 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB2530548-IE8\ieproxy.dll
+ 2011-08-05 11:02 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB2530548-IE8\iepeers.dll
+ 2011-08-05 11:03 . 2009-03-08 03:35 742912 c:\windows\ie8updates\KB2530548-IE8\iedvtool.dll
+ 2011-08-05 11:03 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB2530548-IE8\iedkcs32.dll
+ 2011-08-05 11:03 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB2530548-IE8\ie4uinit.exe
+ 2011-08-05 11:02 . 2009-03-08 03:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-08-05 11:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\updspapi.dll
+ 2011-08-05 11:02 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2510531-IE8\update.exe
+ 2011-08-05 11:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-08-05 11:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-08-05 11:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst.exe
+ 2011-08-05 11:02 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2005-08-16 03:18 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon.dll
+ 2005-08-16 03:18 . 2011-05-30 22:19 5964800 c:\windows\system32\mshtml.dll
+ 2007-08-13 18:34 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
+ 2008-10-15 11:02 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2006-10-19 13:25 . 2011-04-25 16:11 1211904 c:\windows\system32\dllcache\urlmon.dll
+ 2006-10-19 13:25 . 2011-05-30 22:19 5964800 c:\windows\system32\dllcache\mshtml.dll
+ 2008-01-12 10:51 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 1213952 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\urlmon.dll
- 2011-06-14 19:47 . 2011-05-30 22:17 5967360 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\mshtml.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 1992192 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\iertutil.dll
- 2011-06-14 19:47 . 2011-04-25 16:11 1211904 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\urlmon.dll
- 2011-06-14 19:47 . 2011-05-30 22:19 5964800 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\mshtml.dll
- 2011-06-14 19:47 . 2011-04-25 16:11 1991680 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3GDR\iertutil.dll
+ 2011-06-21 11:01 . 2011-06-21 11:01 4991488 c:\windows\Installer\6c3ffd.msp
+ 2011-08-05 10:07 . 2011-08-05 10:07 3489280 c:\windows\Installer\352cf3.msi
+ 2011-08-05 10:03 . 2011-08-05 10:03 1611776 c:\windows\Installer\352cee.msi
+ 2009-09-01 05:20 . 2011-08-05 11:04 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-09-01 05:20 . 2011-06-14 23:29 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-09-01 05:20 . 2011-08-05 11:04 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-08-05 11:02 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB2530548-IE8\urlmon.dll
+ 2011-08-05 11:02 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
+ 2011-08-05 11:02 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB2530548-IE8\iertutil.dll
+ 2006-12-27 11:53 . 2011-08-05 11:04 49089992 c:\windows\system32\MRT.exe
+ 2007-08-13 18:54 . 2011-04-26 09:11 11081728 c:\windows\system32\ieframe.dll
+ 2008-01-12 10:51 . 2011-04-26 09:11 11081728 c:\windows\system32\dllcache\ieframe.dll
- 2011-06-14 19:47 . 2011-04-25 16:09 11083776 c:\windows\SoftwareDistribution\Download\e1622c8bcf4be764e16402f5b407b1ab\SP3QFE\ieframe.dll
+ 2011-08-05 11:02 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB2530548-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Robin\Start Menu\Programs\Accessories\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^Robin^Start Menu^Programs^Accessories^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Robin\Start Menu\Programs\Accessories\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 16:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 00:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-12-12 10:46 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-12-12 09:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 04:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2008-10-24 08:14 79136 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-21 18:22 17357448 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-08-02 14:16 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"Norton Ghost"=2 (0x2)
"ioloSystemService"=2 (0x2)
"ioloFileInfoList"=2 (0x2)
"ImapiService"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"CCALib8"=2 (0x2)
"Autodata Limited License Service"=2 (0x2)
"SeagateDashboardService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"fsssvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"Capture Device Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1168812342\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:*Disabled:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:*Disabled:SingleClick ICC
"3389:TCP"= 3389:TCP:*Disabled:@xpsp2res.dll,-22009
.
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [05/08/2009 09:38 8576]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 22:27 13696]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 22:29 13568]
R3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [25/10/2006 20:21 41600]
S3 DellBIOS;DellBIOS;\??\c:\docume~1\Robin\LOCALS~1\Temp\DellBIOS.Sys --> c:\docume~1\Robin\LOCALS~1\Temp\DellBIOS.Sys [?]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [04/03/2005 20:08 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [04/03/2005 20:11 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [04/03/2005 20:11 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [04/03/2005 20:13 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [04/03/2005 20:15 77072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [09/12/2010 21:06 41272]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [07/12/2010 22:58 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [07/12/2010 22:58 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [07/12/2010 22:58 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [07/12/2010 22:58 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [07/12/2010 22:58 98568]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2010 22:04 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/02/2010 22:04 135664]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [30/04/2010 15:47 14088]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 21:04]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 21:04]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005Core.job
- c:\documents and settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 18:22]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005UA.job
- c:\documents and settings\Robin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-02 18:22]
.
2011-08-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-08-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-08-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-08-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-08-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2011-08-06 c:\windows\Tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-06 11:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-06 11:36:55
ComboFix-quarantined-files.txt 2011-08-06 10:36
ComboFix2.txt 2011-08-05 09:14
.
Pre-Run: 114,780,409,856 bytes free
Post-Run: 114,762,522,624 bytes free
.
- - End Of File - - 6A4618CC70963E9081EF0E4F6EDBBFB9
 
Good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 07/08/2011 18:52:30 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Robin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1021.85 Mb Total Physical Memory | 325.42 Mb Available Physical Memory | 31.85% Memory free
2.40 Gb Paging File | 1.48 Gb Available in Paging File | 61.52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 218.89 Gb Total Space | 107.41 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 11.85 Gb Free Space | 15.90% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 18:40:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
PRC - [2011/07/27 09:03:22 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/12 11:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 10:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 10:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2005/11/04 18:07:56 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/10/14 11:01:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 18:40:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/11/08 21:30:00 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ServiceLayer)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (Belkin Wireless USB Network Adapter Service)
SRV - [2011/08/02 15:04:36 | 000,161,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/30 15:47:00 | 000,014,088 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/06 11:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/01 00:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 23:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 23:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/17 07:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/04/23 16:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 16:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 16:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 16:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 16:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/12 22:29:38 | 000,013,568 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wsp_pkt.sys -- (wsppkt)
DRV - [2006/01/12 22:27:16 | 000,013,696 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
DRV - [2006/01/12 22:26:10 | 000,013,312 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2005/11/08 13:15:38 | 000,439,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/11/08 13:15:38 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/11/08 13:15:22 | 001,095,680 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005/11/08 13:14:54 | 000,114,688 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/11/08 13:14:46 | 000,143,360 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/11/08 13:14:44 | 000,077,824 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/11/08 13:14:40 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/09/20 12:47:00 | 000,041,600 | ---- | M] (AVerMedia Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avera800.sys -- (avera800) AVerMedia DVB-T BDA Video Capture(A800)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/02 16:00:36 | 000,232,192 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/07/13 10:18:48 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/03/04 20:15:54 | 000,077,072 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600obex.sys -- (k600obex)
DRV - [2005/03/04 20:13:46 | 000,079,248 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mgmt.sys -- (k600mgmt)
DRV - [2005/03/04 20:11:26 | 000,087,456 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdm.sys -- (k600mdm)
DRV - [2005/03/04 20:11:20 | 000,006,096 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600mdfl.sys -- (k600mdfl)
DRV - [2005/03/04 20:08:50 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k600bus.sys -- (k600bus) Sony Ericsson 600i driver (WDM)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2003/01/10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061019
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061019


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061019
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0061019
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: avg@igeared:7.004.022.004
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {5F2715B7-B51D-4D1C-9E93-43378687EE5D}:1.9.1
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbd4e0c&v=7.004.022.004&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/01/21 22:39:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/06 12:13:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/02 15:17:22 | 000,000,000 | ---D | M]

[2009/09/14 19:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Extensions
[2011/08/02 14:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\1mbovgcd.default\extensions
[2011/08/02 16:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/06 16:18:31 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/08/02 15:05:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/02 15:17:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\1MBOVGCD.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ROBIN\LOCAL SETTINGS\APPLICATION DATA\{5F2715B7-B51D-4D1C-9E93-43378687EE5D}
[2011/08/06 12:13:50 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/08/06 12:14:33 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/09/01 11:41:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/02 15:04:39 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/08/05 10:06:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Robin\Start Menu\Programs\Accessories\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - File not found
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - File not found
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1193693666062 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1193693595625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 18:40:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
[2011/08/06 16:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\ADSL Using BT’s Speed tester service Community Site_files
[2011/08/06 13:24:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/06 12:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\AVG10
[2011/08/06 12:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/06 12:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/08/06 12:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/06 12:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/08/06 11:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/06 11:36:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/05 09:56:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/05 09:52:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/05 09:52:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/05 09:52:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/05 09:52:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/05 09:52:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/05 09:52:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/05 09:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\Win32 zbot.g virus on computer - can't update Windows - TechSpot OpenBoards_files
[2011/08/05 09:31:38 | 006,640,296 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Robin\Desktop\AppRemover.exe
[2011/08/05 09:23:08 | 004,164,628 | R--- | C] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
[2011/08/04 18:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Desktop\UPDATED 7-step Viruses Spyware Malware Preliminary Removal Instructions - TechSpot OpenBoards_files
[2011/08/04 18:34:08 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Robin\Desktop\dds.scr
[2011/08/04 17:00:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/08/03 17:31:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robin\Recent
[2011/08/03 17:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\WinZip
[2011/08/03 12:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/03 11:06:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/02 22:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/08/02 22:04:18 | 000,000,000 | ---D | C] -- C:\ATI
[2011/08/02 20:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\Sun
[2011/08/02 16:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\OpenCandy
[2011/08/02 16:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\OpenCandy
[2011/08/02 16:50:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/08/02 16:49:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/08/02 15:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/08/02 15:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/02 15:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/02 14:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.0
[2011/08/02 14:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Local Settings\Application Data\uTorrent
[2011/08/02 14:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2011/07/28 22:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/07/25 09:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2011/07/22 21:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin\Application Data\uTorrent
[2008/10/15 20:08:35 | 000,748,344 | ---- | C] (Sysinternals) -- C:\Program Files\Filemon.exe
[2008/04/24 22:27:02 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[2008/04/24 22:27:00 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/27 13:56:53 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/08/27 13:43:05 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/08/27 13:42:36 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/07 18:55:06 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job
[2011/08/07 18:46:05 | 127,267,075 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/07 18:40:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
[2011/08/07 18:36:54 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
[2011/08/07 18:36:53 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/07 18:36:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/07 18:36:32 | 1071,562,752 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/07 10:16:33 | 000,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/08/07 10:16:33 | 000,054,788 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/08/07 10:16:33 | 000,054,788 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/08/07 10:16:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/08/07 10:16:33 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/08/07 10:13:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\prvlcl.dat
[2011/08/07 09:33:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/07 09:17:02 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005UA.job
[2011/08/07 09:17:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005Core.job
[2011/08/06 16:36:53 | 000,036,679 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\ADSL Using BT’s Speed tester service Community Site.htm
[2011/08/06 12:14:05 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/06 11:50:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/06 10:51:33 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/08/05 12:50:02 | 000,328,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/05 12:03:18 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/05 10:06:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/05 09:35:57 | 000,129,822 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Win32 zbot.g virus on computer - can't update Windows - TechSpot OpenBoards.htm
[2011/08/05 09:33:46 | 006,640,296 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Robin\Desktop\AppRemover.exe
[2011/08/05 09:24:19 | 004,164,628 | R--- | M] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
[2011/08/05 09:22:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\MBR.dat
[2011/08/04 18:34:42 | 000,102,884 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\UPDATED 7-step Viruses Spyware Malware Preliminary Removal Instructions - TechSpot OpenBoards.htm
[2011/08/04 18:34:22 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Robin\Desktop\dds.scr
[2011/08/04 18:17:19 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\y0ud715w.exe
[2011/08/04 12:30:53 | 000,000,391 | -H-- | M] () -- C:\IPH.PH
[2011/08/04 11:58:16 | 000,749,575 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\Socket Guarantee.PDF
[2011/08/03 11:09:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/03 10:32:06 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/03 10:32:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/03 10:32:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/03 10:02:00 | 000,000,152 | ---- | M] () -- C:\WINDOWS\CoolPlay.ini
[2011/08/02 22:08:15 | 000,000,183 | ---- | M] () -- C:\WINDOWS\setuplog
[2011/08/02 16:21:10 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to Convert.lnk
[2011/08/02 16:16:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
[2011/08/02 16:15:07 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Google Chrome.lnk
[2011/08/02 16:15:07 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/02 14:32:20 | 000,436,218 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110803-123035.backup
[2011/08/02 14:16:52 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Update Checker.lnk
[2011/08/02 14:00:49 | 000,428,373 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110802-143219.backup
[2011/08/02 13:58:23 | 000,020,988 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_135807 1358 2-8-11.reg
[2011/08/02 13:44:34 | 000,007,842 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_134420 back up 1344 2-08-11.reg
[2011/08/02 13:43:45 | 001,371,792 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_134317 back up 1343 2-08-11.reg
[2011/08/01 18:50:16 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/07/31 19:50:22 | 000,132,608 | ---- | M] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/28 22:48:59 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/27 20:09:49 | 000,104,397 | ---- | M] () -- C:\Documents and Settings\Robin\My Documents\plugin-sleep_ebook.pdf
[2011/07/13 18:01:56 | 000,172,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/07/11 22:34:37 | 000,044,565 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\Robin & Dad.jpg
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========

[2011/08/27 13:43:05 | 000,000,564 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/08/06 16:36:51 | 000,036,679 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\ADSL Using BT’s Speed tester service Community Site.htm
[2011/08/06 12:14:05 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/05 12:01:57 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/05 09:56:47 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/08/05 09:56:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/05 09:52:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/05 09:52:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/05 09:52:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/05 09:52:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/05 09:52:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/05 09:35:56 | 000,129,822 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Win32 zbot.g virus on computer - can't update Windows - TechSpot OpenBoards.htm
[2011/08/05 09:22:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\MBR.dat
[2011/08/04 18:34:36 | 000,102,884 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\UPDATED 7-step Viruses Spyware Malware Preliminary Removal Instructions - TechSpot OpenBoards.htm
[2011/08/04 18:17:14 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\y0ud715w.exe
[2011/08/04 12:30:25 | 000,000,391 | -H-- | C] () -- C:\IPH.PH
[2011/08/04 11:59:16 | 000,749,575 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\Socket Guarantee.PDF
[2011/08/03 11:13:20 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job
[2011/08/03 11:09:54 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/03 10:31:57 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/02 22:12:49 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/08/02 22:12:49 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2011/08/02 17:42:13 | 000,054,788 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/08/02 17:42:13 | 000,054,788 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/08/02 17:42:12 | 000,064,984 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2011/08/02 16:21:10 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut (2) to Convert.lnk
[2011/08/02 16:16:13 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
[2011/08/02 16:16:13 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1721640027-2127551328-3980725348-1005.job
[2011/08/02 16:15:07 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Google Chrome.lnk
[2011/08/02 16:15:07 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/02 16:07:14 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005UA.job
[2011/08/02 16:07:12 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1721640027-2127551328-3980725348-1005Core.job
[2011/08/02 14:16:51 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Update Checker.lnk
[2011/08/02 13:58:21 | 000,020,988 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_135807 1358 2-8-11.reg
[2011/08/02 13:44:31 | 000,007,842 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_134420 back up 1344 2-08-11.reg
[2011/08/02 13:43:38 | 001,371,792 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\cc_20110802_134317 back up 1343 2-08-11.reg
[2011/07/28 22:48:59 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/27 20:17:42 | 000,104,397 | ---- | C] () -- C:\Documents and Settings\Robin\My Documents\plugin-sleep_ebook.pdf
[2011/07/25 09:50:08 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\BBC iPlayer Desktop.lnk
[2011/07/11 22:34:37 | 000,044,565 | ---- | C] () -- C:\Documents and Settings\Robin\Desktop\Robin & Dad.jpg
[2011/06/21 21:11:06 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6grn36wgdoay08
[2011/06/21 21:11:05 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\6grn36wgdoay08
[2010/12/17 22:54:20 | 000,297,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/16 23:56:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\prvlcl.dat
[2010/01/03 15:06:54 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/01/03 15:06:54 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/01/03 15:06:54 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/01/03 15:06:54 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/01/03 15:06:54 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/01/03 15:06:54 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/11/18 22:03:35 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2009/11/07 13:06:55 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/26 11:29:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2009/08/21 18:47:37 | 000,000,203 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/12 20:33:31 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\dvd.bmk
[2009/03/08 18:27:21 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/12/18 17:27:25 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\Boxworld.exe
[2008/11/29 11:37:09 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/08/17 11:40:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/05/01 14:41:58 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2008/05/01 14:16:59 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/05/01 14:11:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/04/24 22:27:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/04/24 22:27:04 | 000,366,255 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2008/04/24 22:27:04 | 000,313,207 | R--- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/04/24 22:27:04 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2008/04/24 22:27:04 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2008/04/24 22:27:04 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2008/04/24 22:27:04 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2008/04/24 22:27:04 | 000,053,932 | R--- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/04/24 22:27:02 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2008/04/24 22:27:02 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2008/04/24 22:27:02 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008/04/24 22:27:01 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008/03/10 19:54:01 | 000,029,574 | ---- | C] () -- C:\WINDOWS\SETUP1.EXE
[2008/03/02 20:10:13 | 000,901,120 | R--- | C] () -- C:\Program Files\Settlers_1.adf
[2008/01/12 11:02:52 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/08 13:15:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/01/28 18:24:00 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5B0180F91E.sys
[2007/01/26 20:31:30 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\1EF980015B.sys
[2007/01/26 20:31:28 | 000,006,216 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/05 18:00:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2007/01/05 18:00:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/01/03 22:30:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\GSP_ApRg.INI
[2006/12/31 12:54:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/12/29 19:53:54 | 000,132,608 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/19 08:15:20 | 000,065,154 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/12/12 11:39:02 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2006/12/12 11:34:04 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/12/04 19:16:38 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/10/28 14:07:19 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/10/25 21:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/25 20:44:33 | 000,000,750 | ---- | C] () -- C:\WINDOWS\Sof.INI
[2006/10/25 20:26:31 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\EADF0FF5ED.sys
[2006/10/25 20:20:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\CardID.dll
[2006/10/25 20:18:48 | 000,001,216 | ---- | C] () -- C:\Documents and Settings\Robin\Application Data\wklnhst.dat
[2006/10/25 20:05:07 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BA801026DF.sys
[2006/10/25 19:58:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/10/25 19:54:24 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\fusioncache.dat
[2006/10/19 14:46:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/19 14:42:25 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/10/19 14:39:15 | 000,000,916 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/19 14:36:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/19 14:35:06 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/10/19 14:09:29 | 000,000,190 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/10/19 14:09:28 | 000,050,432 | R--- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/10/19 14:08:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/10/19 14:08:28 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/10/19 14:07:32 | 000,000,476 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,328,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 04:18:33 | 000,446,148 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 04:18:33 | 000,073,370 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 04:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 04:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 04:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 04:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 04:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 04:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/12 22:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/03/14 13:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe

========== LOP Check ==========

[2010/10/30 22:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3131A
[2008/04/06 18:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anvsoft
[2008/03/10 20:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodata Limited
[2011/08/06 16:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/06 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/18 21:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/01/15 19:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2007/11/08 21:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/10/19 08:52:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/21 22:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/01/03 15:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/10/15 21:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/01/17 00:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2011/05/21 09:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2011/08/06 12:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/10/02 19:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/05/05 21:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/03/09 18:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/12/17 16:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/08/02 11:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/29 21:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/06/07 09:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/02 20:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/10/19 14:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/03 21:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualDecor
[2011/08/02 16:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/27 15:42:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\alot
[2010/10/21 21:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\AVG
[2010/10/19 09:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\AVG10
[2009/07/15 20:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/10/30 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\bearsharemediabartb
[2009/02/18 15:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Canon
[2010/10/14 09:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Foxit Software
[2009/01/27 14:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\iolo
[2008/06/11 13:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Leadertech
[2009/06/30 20:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\LimeWire
[2009/05/06 08:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\PC Suite
[2010/12/08 16:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Teleca
[2008/12/31 12:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Template
[2010/01/07 13:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\Ulead Systems
[2010/12/31 19:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\uTorrent
[2008/10/15 21:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/09/17 10:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/05/21 09:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate
[2011/08/03 13:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\471A38B5E31E62F5A5E71761DBE517AA
[2011/07/08 16:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Alnyox
[2011/08/06 12:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\AVG10
[2009/12/22 20:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\AVG9
[2009/07/03 22:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/05/17 16:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\BitsPaper
[2007/02/02 22:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\BitTorrent
[2006/12/25 13:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Canon
[2009/06/02 19:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Cisco
[2007/12/05 23:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\CoCreate
[2009/12/27 16:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ElevatedDiagnostics
[2011/03/13 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\eTeks
[2008/10/02 19:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\FLV Extract
[2010/12/01 15:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ICAClient
[2009/03/04 18:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ieSpell
[2009/08/26 20:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\ImgBurn
[2007/01/25 19:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Intervideo
[2008/12/20 12:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\iolo
[2011/05/17 18:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Kuem
[2006/10/25 20:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Leadertech
[2008/10/02 19:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\NCH Swift Sound
[2010/12/14 22:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Nokia
[2011/08/02 16:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\OpenCandy
[2010/12/14 22:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\PC Suite
[2010/12/17 16:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\PCDr
[2011/05/21 09:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Seagate
[2010/12/07 22:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Teleca
[2006/10/25 20:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Template
[2011/05/19 12:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Toqy
[2010/01/04 00:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Ulead Systems
[2011/08/02 16:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\uTorrent
[2011/07/08 21:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin\Application Data\Wiva
[2011/08/27 13:43:05 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/08/27 13:42:36 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/27 13:56:53 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2011/08/07 18:55:06 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9039F7F2-8B6A-4671-A98E-34792758D91F}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/17 11:15:35 | 000,011,734 | ---- | M] () -- C:\B2K_FSK.pcm
[2011/08/01 18:50:16 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/08/06 10:51:33 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/05 19:25:19 | 000,008,620 | ---- | M] () -- C:\bootex.log
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/08/06 11:36:55 | 000,036,716 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/10/19 14:12:12 | 000,005,959 | RH-- | M] () -- C:\dell.sdr
[2008/09/06 10:53:48 | 000,000,144 | ---- | M] () -- C:\domains.dat
[2011/08/07 18:36:32 | 1071,562,752 | -HS- | M] () -- C:\hiberfil.sys
[2006/10/25 22:33:28 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2009/09/26 11:29:14 | 000,001,120 | ---- | M] () -- C:\INSTALL.LOG
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2011/08/04 12:30:53 | 000,000,391 | -H-- | M] () -- C:\IPH.PH
[2011/05/23 20:23:11 | 000,000,326 | ---- | M] () -- C:\MemeoSendAddin
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/23 12:50:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/07 18:36:31 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2007/12/01 16:35:43 | 000,000,134 | ---- | M] () -- C:\pmt.dat
[2009/09/14 17:37:11 | 000,001,156 | ---- | M] () -- C:\reregisterie.cmd
[2009/01/01 12:36:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/01/05 15:29:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/01/06 13:25:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/01/07 16:32:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/01/08 12:16:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/09 12:51:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/11 15:01:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/11 15:06:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/01/11 15:20:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/01/11 15:20:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/01/11 15:22:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/01/11 15:27:31 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/01/13 15:38:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/01/14 19:20:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/01/17 13:22:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/01/20 23:26:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/01/21 17:19:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/01/24 17:16:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/12/22 14:06:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/12/31 14:06:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/01/01 12:36:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/05 15:29:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/01/06 13:25:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/01/07 16:32:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/01/08 12:16:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/01/09 12:51:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/11 15:01:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/01/11 15:06:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/11 15:20:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/01/11 15:20:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/01/11 15:22:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/01/11 15:27:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/01/13 15:38:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/01/14 19:20:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/01/17 13:22:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/01/20 23:26:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/01/21 17:19:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/01/24 17:16:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/12/22 14:06:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/12/31 14:06:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007/10/30 21:26:57 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2011/08/05 16:05:45 | 000,004,826 | ---- | M] () -- C:\winzip.log

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 04:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009/01/21 20:57:13 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2006/07/28 08:32:44 | 000,007,005 | ---- | M] () -- C:\Program Files\Eula.txt
[2006/11/06 11:55:58 | 000,748,344 | ---- | M] (Sysinternals) -- C:\Program Files\Filemon.exe
[2003/03/20 16:26:42 | 000,014,619 | ---- | M] () -- C:\Program Files\FILEMON.HLP
[1999/09/21 20:16:14 | 000,901,120 | R--- | M] () -- C:\Program Files\Settlers_1.adf

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/12/23 12:56:26 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2006/10/19 14:30:41 | 000,494,520 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\TRANSFORMS=1033.mst

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/10/25 19:54:34 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/16 04:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Robin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/08/05 09:33:46 | 006,640,296 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Robin\Desktop\AppRemover.exe
[2011/08/05 09:24:19 | 004,164,628 | R--- | M] (Swearware) -- C:\Documents and Settings\Robin\Desktop\ComboFix.exe
[2011/08/07 18:40:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin\Desktop\OTL.exe
[2011/08/04 18:17:19 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Robin\Desktop\y0ud715w.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2009/11/16 19:58:14 | 000,000,786 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/10/25 19:54:34 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Robin\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/07/23 12:06:35 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Robin\Cookies\desktop.ini
[2011/08/07 18:55:02 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Robin\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/12/17 11:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
[2002/12/17 11:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/12/17 11:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/12/17 11:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/12/17 11:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/12/17 11:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/12/17 11:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/12/17 11:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21

< End of report >
 
Extras.txt

OTL Extras logfile created on: 07/08/2011 18:52:30 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Robin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1021.85 Mb Total Physical Memory | 325.42 Mb Available Physical Memory | 31.85% Memory free
2.40 Gb Paging File | 1.48 Gb Available in Paging File | 61.52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 218.89 Gb Total Space | 107.41 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 11.85 Gb Free Space | 15.90% Space Free | Partition Type: NTFS

Computer Name: FAMILY | User Name: Robin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Disabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Disabled:SingleClick ICC
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Disabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1168812342\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1168812342\ee\aolsoftware.exe:*:Disabled:AOL Shared Components -- (America Online, Inc.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{07035AB3-5C70-3315-35A9-CFFECA140880}" = BBC iPlayer Desktop
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel(R) PRO Network Connections
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6913FBE5-1B4B-4308-8DDD-2944F9C91E06}" = ATI Catalyst Control Center
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F42FC6B-947B-9B89-29B0-545F0815AD7F}" = ATI Parental Control & Encoder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC97FBCD-448B-416C-A720-EBDEC9EF6340}" = AVerMedia DVB-T BDA Video Capture(A800)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED9A325D-9622-4FD0-A731-73D23C6265F3}" = CapMan
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F48DC94B-E4EC-6F4C-6CA2-B3F2D13FF0FD}" = ATI Catalyst Install Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV 6.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CCleaner" = CCleaner
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Support Center" = Dell Support Center
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD Flick_is1" = DVD Flick
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Standard)
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"OBD-DIAG_is1" = OBD-DIAG V1.01.02
"Photo DVD Maker Professional" = Photo DVD Maker Professional 7.78
"Power MP3 Recorder Cutter_is1" = Power MP3 Recorder Cutter, (ver 5.0)
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"SpywareGuard_is1" = SpywareGuard v2.2
"ST6UNST #1" = Date Cracker 2000
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"VideoEgg" = VideoEgg Publisher
"VLC media player" = VLC media player 1.1.5
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Sweet Home 3D" = Sweet Home 3D
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/05/2011 05:50:51 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


Error - 08/05/2011 05:50:51 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


Error - 08/05/2011 05:50:51 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


Error - 08/05/2011 05:50:51 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


Error - 08/05/2011 05:50:52 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


Error - 09/05/2011 14:41:03 | Computer Name = FAMILY | Source = Media Center Guide | ID = 20
Description = Event Info: Unable to link service to lineup File validation error
- mismatched guide package. The Guide listings service is not currently available.
Please try again later. Process: DefaultDomain Object Name: Microsoft.Ehome.Epg.Loader.Xml.PresetLoader


[ Cisco AnyConnect VPN Client Events ]
Error - 15/07/2009 15:54:06 | Computer Name = WOODCROFT | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 29/07/2009 07:10:20 | Computer Name = WOODCROFT | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 29/07/2009 07:10:20 | Computer Name = WOODCROFT | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 01/09/2009 06:41:39 | Computer Name = FAMILY | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 01/09/2009 06:41:39 | Computer Name = FAMILY | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 09/09/2009 06:42:46 | Computer Name = FAMILY | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 09/09/2009 06:42:46 | Computer Name = FAMILY | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

Error - 12/09/2009 03:33:43 | Computer Name = FAMILY | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 14/09/2009 15:43:22 | Computer Name = FAMILY | Source = vpnagent | ID = 50331650
Description = Termination reason code 7: The agent has been stopped.

Error - 14/09/2009 15:43:22 | Computer Name = FAMILY | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
997 Description: fatal error, stopping service

[ OSession Events ]
Error - 19/04/2010 13:05:39 | Computer Name = FAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/05/2011 12:01:52 | Computer Name = FAMILY | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09/05/2011 06:27:19 | Computer Name = FAMILY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 09/05/2011 06:28:55 | Computer Name = FAMILY | Source = DCOM | ID = 10010
Description = The server {CD621DE4-2AA5-4468-ADF1-087A05891DA7} did not register
with DCOM within the required timeout.

Error - 10/05/2011 07:53:29 | Computer Name = FAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001676DC332D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/05/2011 14:08:05 | Computer Name = FAMILY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.2 on
the Network Card with network address 001676DC332D.

Error - 13/05/2011 12:37:14 | Computer Name = FAMILY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.2 on
the Network Card with network address 001676DC332D.

Error - 15/05/2011 04:57:16 | Computer Name = FAMILY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.2 on
the Network Card with network address 001676DC332D.

Error - 16/05/2011 09:27:04 | Computer Name = FAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001676DC332D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 17/05/2011 06:46:56 | Computer Name = FAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001676DC332D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 19/05/2011 06:39:08 | Computer Name = FAMILY | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.2 on
the Network Card with network address 001676DC332D.

Error - 21/05/2011 03:54:00 | Computer Name = FAMILY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001676DC332D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
 
I noticed that the following link is not actually on my C drive

"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"

I offloaded that last year, after my missus downloaded it, but thought that I had removed it completely. I guess not!
 
How is the computer doing?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
    O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - File not found
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - File not found
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - File not found
    O15 - HKU\S-1-5-21-1721640027-2127551328-3980725348-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Reg Error: Key error.)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (Reg Error: Key error.)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011/06/21 21:11:06 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6grn36wgdoay08
    [2011/06/21 21:11:05 | 000,001,400 | -HS- | C] () -- C:\Documents and Settings\Robin\Local Settings\Application Data\6grn36wgdoay08
    [2007/01/28 18:24:00 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5B0180F91E.sys
    [2007/01/26 20:31:30 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\1EF980015B.sys
    [2006/10/25 20:26:31 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\EADF0FF5ED.sys
    [2006/10/19 14:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
    [2010/10/30 22:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jill\Application Data\bearsharemediabartb
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Computer is behaving itself, which is all good! :) Thanks!
I'll crack on with your request and will revert.
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A368E80-174F-4872-96B5-0B27DDD11DB2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\WINDOWS\Updreg.EXE moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}\ not found.
Registry key HKEY_USERS\S-1-5-21-1721640027-2127551328-3980725348-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
Starting removal of ActiveX control {0CCA191D-13A6-4E29-B746-314DEE697D83}
C:\WINDOWS\Downloaded Program Files\PhotoUploader5.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CCA191D-13A6-4E29-B746-314DEE697D83}\ not found.
Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Starting removal of ActiveX control {644E432F-49D3-41A1-8DD5-E099162EEEC5}
C:\WINDOWS\Downloaded Program Files\CabSA.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644E432F-49D3-41A1-8DD5-E099162EEEC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {A3256902-51FA-45A0-8A97-FC1143C169D9}
C:\WINDOWS\Downloaded Program Files\DiagWebControl.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A3256902-51FA-45A0-8A97-FC1143C169D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3256902-51FA-45A0-8A97-FC1143C169D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A3256902-51FA-45A0-8A97-FC1143C169D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3256902-51FA-45A0-8A97-FC1143C169D9}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\SET1B8.tmp deleted successfully.
C:\WINDOWS\System32\SET368.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\Documents and Settings\All Users\Application Data\6grn36wgdoay08 moved successfully.
C:\Documents and Settings\Robin\Local Settings\Application Data\6grn36wgdoay08 moved successfully.
C:\WINDOWS\system32\5B0180F91E.sys moved successfully.
C:\WINDOWS\system32\1EF980015B.sys moved successfully.
C:\WINDOWS\system32\EADF0FF5ED.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21 deleted successfully.
C:\Documents and Settings\Jill\Application Data\bearsharemediabartb folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes

User: Jill
->Temp folder emptied: 84620613 bytes
->Temporary Internet Files folder emptied: 38254792 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 110046424 bytes
->Flash cache emptied: 11714 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98438 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Robin
->Temp folder emptied: 19282763 bytes
->Temporary Internet Files folder emptied: 8763939 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44220087 bytes
->Google Chrome cache emptied: 422016602 bytes
->Flash cache emptied: 59565 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109186 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 694.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jill
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Robin
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08072011_194925

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Security Check results...

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 15
Java(TM) 7
Out of date Java installed!
Adobe Flash Player 10.3.181.26
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

...and Eset...
 