OTL logfile created on: 14/05/2011 16:32:51 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Adam Gilbert\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 9.44 Gb Free Space | 25.34% Space Free | Partition Type: NTFS
Drive D: | 34.34 Gb Total Space | 32.74 Gb Free Space | 95.33% Space Free | Partition Type: NTFS
Drive E: | 2.93 Gb Total Space | 1.60 Gb Free Space | 54.72% Space Free | Partition Type: FAT32

Computer Name: ADAM | User Name: Adam Gilbert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/05/14 16:31:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam Gilbert\My Documents\Downloads\OTL.exe
PRC - [2011/05/04 18:17:20 | 001,617,296 | ---- | M] (Bandoo Media Inc.)
-- C:\Program Files\Bandoo\Bandoo.exe PRC - [2011/05/02 16:14:11 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011/05/02 16:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011/04/30 09:01:08 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/09/07 18:01:10 | 000,079,872 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/08/13 18:41:26 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe PRC - [2002/02/08 04:10:28 | 000,315,392 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\atiptaxx.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011/05/14 16:31:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adam Gilbert\My Documents\Downloads\OTL.exe MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state) SRV - [2011/05/04 18:17:20 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator) SRV - [2011/05/02 16:14:04 | 002,146,496 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2010/12/29 14:52:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist) SRV - [2010/09/07 18:01:10 | 000,079,872 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010/07/06 18:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010/06/22 19:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2009/06/10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009/01/08 09:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008/02/22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008/02/22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008/02/22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2005/09/09 19:48:21 | 000,029,184 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV52.sys -- (SSHDRV52) DRV - [2005/05/24 15:01:16 | 
000,077,040 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex) DRV - [2005/05/24 15:00:56 | 000,079,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt) DRV - [2005/05/24 15:00:46 | 000,087,424 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm) DRV - [2005/05/24 15:00:44 | 000,006,096 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl) DRV - [2005/05/24 15:00:37 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM) DRV - [2005/02/11 10:24:24 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex) DRV - [2005/02/11 10:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2005/02/11 10:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005/02/11 10:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005/02/11 10:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2003/02/21 10:25:22 | 000,019,153 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2002/10/20 21:26:14 | 000,027,008 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dlh5x.sys -- (DLH5X) DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1) DRV - [2002/02/28 01:49:30 | 000,471,407 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTXH51.sys -- (ham50) DRV - [2002/02/08 22:30:56 | 000,381,824 | ---- | M] (ATI Technologies Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2002/01/03 02:00:00 | 000,523,392 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbpci.sys -- (sbpci) SB PCI Family Audio Driver (WDM) DRV - [2001/10/12 16:47:50 | 000,288,860 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM) DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr6/uk/*http://uk.docs.yahoo.com/info/bt_side.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.co.uk IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.co.uk IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.co.uk IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.staples.co.uk IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/ IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\..\URLSearchHook: _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. 
File not found IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-516276246-239712180-3615762775-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search" FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search" FF - prefs.js..browser.search.order.1: "Fast Browser Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.yahoo.co.uk/" FF - prefs.js..extensions.enabledItems: ffox@bandoo.com:5.1 FF - prefs.js..extensions.enabledItems: ConsumerInput@Compete:7565 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.0 FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 09:01:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 09:01:25 | 000,000,000 | ---D | M] [2008/11/20 19:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Extensions [2011/05/13 08:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\extensions [2011/02/16 14:06:25 | 000,000,000 | ---D | M] ("Consumer Input") -- 
C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\extensions\ConsumerInput@Compete [2011/05/07 14:45:02 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\extensions\ffox@bandoo.com [2009/12/25 13:48:24 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\searchplugins\fast-browser-search.xml [2010/10/28 11:33:57 | 000,001,154 | ---- | M] () -- C:\Documents and Settings\Adam Gilbert\Application Data\Mozilla\Firefox\Profiles\8pswk0wc.default\searchplugins\yahoo-search.xml [2011/05/13 08:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/10/31 19:01:06 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/05/07 14:05:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/06 23:08:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/06 10:29:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/05/09 19:48:38 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\DOCUMENTS AND SETTINGS\ADAM GILBERT\APPLICATION DATA\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@PLAYSUSHI.COM [2010/04/09 12:25:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/10/20 21:23:26 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/10/20 21:23:26 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/10/20 21:23:26 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/10/20 21:23:26 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml Hosts file not found O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - File not found O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (PlaySushi) - {21608B66-026F-4DCB-9244-0DACA328DCED} - File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - File not found O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation) O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.) O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Yahoo! 
Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found O3 - HKU\S-1-5-21-516276246-239712180-3615762775-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) O4 - HKLM..\Run: [AtiPTA] File not found O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [msnappau] C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-516276246-239712180-3615762775-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Go PlaySushi! 
- {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - File not found O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll (CR64Loader Object) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab (YInstStarter Class) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227029579404 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231257881562 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/msnmessengersetupdownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab (ZoneIntro Class) O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab (FlashXControl Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited) O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found O24 - Desktop WallPaper: C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found O29 - HKLM SecurityProviders - (schannel.dll) - File not found O29 - HKLM SecurityProviders - (digest.dll) - File not found O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/05/29 21:03:46 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{da2439fe-5303-11df-bd50-000f3df3e821}\Shell\Shell00\Command - "" = H:\Start.exe O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: uploadmgr - File not found SystemRestore not available. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/05/14 15:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2011/05/14 15:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Gilbert\Desktop\pictures [2011/05/12 11:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2011/05/12 11:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2011/05/08 19:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2011/05/08 19:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2011/05/07 14:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam Gilbert\Application Data\Bandoo [2011/05/07 14:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bandoo [2011/05/07 14:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bandoo [2011/05/07 14:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bandoo [2011/05/05 13:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer [2011/04/22 11:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dGl06504oHfNg06504 [4 C:\WINDOWS\*.tmp files -> 
C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/05/14 15:13:29 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/05/14 15:13:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/05/14 15:13:02 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys [2011/05/14 15:12:04 | 000,000,196 | ---- | M] () -- C:\WINDOWS\System32\drivers\ALCICH.DAT [2011/05/10 20:24:50 | 000,000,873 | ---- | M] () -- C:\WINDOWS\orun32.ini [2011/05/10 18:13:00 | 000,018,262 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x [2011/05/10 18:12:58 | 000,018,262 | -HS- | M] () -- C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x [2011/05/08 19:34:10 | 000,012,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/05/08 19:33:47 | 805,306,368 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2011/05/08 19:30:34 | 000,116,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\189A1.sys [2011/05/08 19:29:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adam Gilbert\2gweorjqjutp92vjy9gake [2011/05/08 12:53:05 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/05/08 12:53:05 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/05/07 16:54:17 | 000,023,148 | -H-- | M] () -- C:\WINDOWS\System32\Atmenuxx.GID [2011/05/04 18:17:50 | 001,524,112 | ---- | M] () -- C:\WINDOWS\System32\bandoolmx.dll [2011/04/22 14:30:03 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011/04/16 07:13:43 | 000,496,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/04/15 21:54:24 | 000,001,374 | ---- | M] () -- 
C:\WINDOWS\imsins.BAK [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/05/10 20:33:46 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys [2011/05/10 17:44:30 | 000,018,262 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x [2011/05/10 17:44:30 | 000,018,262 | -HS- | C] () -- C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\71573u8xm23d23cqn3kb208fem1e153x67x [2011/05/08 19:30:34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\189A1.sys [2011/05/08 19:29:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\2gweorjqjutp92vjy9gake [2011/05/07 14:44:35 | 001,524,112 | ---- | C] () -- C:\WINDOWS\System32\bandoolmx.dll [2011/04/22 14:33:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/04/22 14:33:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2010/06/11 22:42:09 | 000,112,264 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/10/07 15:03:08 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2009/10/05 13:18:47 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/08/07 20:21:58 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009/08/07 20:21:58 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009/08/07 20:21:34 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\$_hpcst$.hpc [2008/11/19 18:24:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008/11/18 19:06:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\StarOpen.sys [2007/03/31 16:06:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2006/10/31 15:28:37 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\ViewerApp.dat [2006/08/02 13:53:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006/08/02 13:51:18 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2006/04/11 15:19:46 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2006/02/13 19:58:02 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\com.kennettnet.PodUtil.plist [2005/12/29 14:26:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2005/09/09 19:48:21 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV52.sys [2005/05/26 22:43:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005/05/26 22:43:05 | 000,003,308 | ---- | C] () -- C:\WINDOWS\mozver.dat [2005/04/01 19:41:41 | 000,942,320 | ---- | C] () -- C:\WINDOWS\System32\oeemntti.dat [2005/04/01 19:41:41 | 000,077,000 | ---- | C] () -- C:\WINDOWS\System32\c8sqv7qf.dat [2005/04/01 19:41:41 | 000,005,400 | ---- | C] () -- C:\WINDOWS\System32\11au7hmc.dat [2005/04/01 19:41:41 | 000,002,709 | ---- | C] () -- C:\WINDOWS\System32\9l67n5e7.dat [2005/04/01 19:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lro2fria.dat [2005/04/01 19:41:35 | 000,003,560 | ---- | C] () -- C:\WINDOWS\System32\j3tuu8r2.ini [2005/04/01 19:41:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\o994ebij.ini [2005/04/01 19:41:35 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\kojrd454.ini [2005/02/25 14:49:53 | 000,000,538 | ---- | C] () -- C:\WINDOWS\SGREP32.INI [2004/12/10 13:32:22 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\user52.rdb [2004/08/12 14:34:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2004/01/13 18:17:52 | 000,056,832 | ---- | C] () -- 
C:\WINDOWS\System32\iyvu9_32.dll [2003/12/29 00:33:51 | 000,000,041 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2003/12/04 17:09:32 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2003/12/04 17:09:32 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2003/12/04 17:09:32 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2003/06/12 17:12:25 | 000,000,474 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2002/12/30 20:45:56 | 000,000,282 | ---- | C] () -- C:\WINDOWS\EReg072.dat [2002/12/20 15:11:10 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini [2002/12/17 17:18:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2002/10/27 23:14:58 | 000,000,162 | ---- | C] () -- C:\WINDOWS\CTRec.INI [2002/10/26 14:03:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\GpUnInst.exe [2002/10/26 14:01:25 | 000,024,576 | ---- | C] () -- C:\WINDOWS\dphoun.exe [2002/10/26 14:00:26 | 000,140,800 | ---- | C] () -- C:\WINDOWS\serifun.exe [2002/10/25 18:41:15 | 000,000,063 | ---- | C] () -- C:\WINDOWS\GSPCV.INI [2002/10/25 18:39:29 | 000,000,147 | ---- | C] () -- C:\WINDOWS\TravManG.INI [2002/09/16 19:04:44 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2002/09/16 19:03:03 | 000,000,104 | ---- | C] () -- C:\WINDOWS\CTWave32.ini [2002/09/14 20:35:56 | 000,000,196 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALCICH.DAT [2002/09/13 12:09:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2002/09/11 21:48:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2002/09/11 21:29:07 | 000,000,128 | ---- | C] () -- C:\WINDOWS\msje8tp.dat [2002/09/11 20:19:00 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Adam Gilbert\Application Data\sversion.ini [2002/09/10 08:44:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll [2002/09/10 08:44:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll 
[2002/09/10 08:44:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2002/09/10 08:43:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2002/09/10 08:43:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2002/09/10 08:43:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2002/09/10 08:43:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2002/09/10 08:43:04 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2002/09/10 08:42:24 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2002/09/10 08:41:52 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2002/09/10 08:41:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2002/09/10 08:41:30 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2002/09/10 08:41:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2002/09/10 08:41:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2002/09/10 08:41:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2002/09/10 08:41:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2002/09/06 18:10:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE
[2002/09/06 18:10:44 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2002/09/06 18:00:46 | 001,552,384 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2002/07/07 17:13:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2002/07/07 16:59:39 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2002/06/30 09:49:22 | 000,105,292 | ---- | C] () -- C:\WINDOWS\restart.exe
[2002/05/20 18:47:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2002/05/20 11:42:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/05/20 03:12:51 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002/05/20 02:52:59 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2002/05/20 02:46:21 | 000,000,873 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/05/20 02:44:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/05/20 02:38:19 | 000,022,736 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/05/19 19:32:32 | 000,004,315 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/05/19 19:31:34 | 000,496,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/05/19 17:25:13 | 000,001,384 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/05/19 17:24:37 | 000,338,658 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/05/19 17:24:37 | 000,052,216 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/05/19 17:24:32 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/04/16 12:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2001/09/04 12:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 12:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2000/05/08 05:20:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\trayhook.dll
[2000/05/08 05:20:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\sointgr.exe
[1999/10/25 11:53:58 | 000,000,008 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/03/26 02:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2005/06/23 21:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\agukuk2005
[2010/06/30 14:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Amazon
[2011/05/07 14:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Bandoo
[2009/01/04 17:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\bang
[2010/03/28 14:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Facebook
[2010/12/03 15:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\HTC
[2002/05/20 03:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\InterTrust
[2002/07/07 17:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\InterVideo
[2005/10/03 13:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Leadertech
[2009/06/03 15:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Nokia
[2010/07/15 12:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\RegistryTool
[2010/05/31 18:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Samsung
[2002/09/11 21:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\Steinberg
[2010/03/18 00:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam Gilbert\Application Data\yoclient
[2011/05/07 14:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bandoo
[2011/04/22 11:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dGl06504oHfNg06504
[2008/11/22 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2008/11/22 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2004/08/11 17:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2011/05/05 13:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/07/15 12:15:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2009/11/05 11:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/28 20:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2002/05/20 03:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2002/07/07 17:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo
[2002/05/20 03:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2002/07/07 17:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2002/05/20 03:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterTrust
[2002/07/07 17:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterVideo
[2004/09/16 19:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ubisoft
[2011/05/14 15:13:29 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2001/01/10 12:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 08:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2004/08/04 08:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2004/08/04 08:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/05/12 23:15:44 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=5DC59DAAFDA8E8D11BDE999E478A0C8F -- C:\WINDOWS\SoftwareDistribution\Download\cb54485933aa009855d78885e4c31c64\rtmqfe\winlogon.exe
[2004/05/27 02:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cb54485933aa009855d78885e4c31c64\sp1qfe\winlogon.exe
[2004/05/27 02:38:46 | 000,483,328 | ---- | M] (Microsoft Corporation) MD5=E7F9D2E4E4A94A6F58014E5FFA16A65E -- C:\WINDOWS\SoftwareDistribution\Download\cf113cf67754a276d1983478748b20da\sp1qfe\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 09:01:08 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\soffice.exe\shell\open\command\\: "C:\Program Files\Office52\program\soffice.exe" [2000/05/08 05:20:00 | 000,217,088 | ---- | M] (Sun Microsystems, Inc.)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/30 09:01:16 | 000,552,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/30 09:01:08 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\soffice.exe\shell\open\command\\: "C:\Program Files\Office52\program\soffice.exe" [2000/05/08 05:20:00 | 000,217,088 | ---- | M] (Sun Microsystems, Inc.)

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\vga.dll:SummaryInformation

< End of report >