OTL logfile created on: 02/07/2012 09:38:11 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.05 Mb Total Physical Memory | 284.68 Mb Available Physical Memory | 28.07% Memory free
2.39 Gb Paging File | 1.74 Gb Available in Paging File | 72.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 24.48 Gb Free Space | 43.80% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 09:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/07/01 12:25:45 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/04/29 10:43:41 | 000,119,296 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/26 08:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/01/11 16:02:56 | 000,194,904 | ---- | M] ( ) -- C:\Program Files\GbPlugin\gbpsv.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2011/03/23 14:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2010/01/19 15:23:36 | 007,058,704 | ---- | M] () -- C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
PRC - [2010/01/19 15:23:26 | 008,262,928 | ---- | M] (Steek) -- C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/20 12:24:34 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe
PRC - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/07/13 06:33:14 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
PRC - [2006/07/13 06:22:50 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/21 22:18:42 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/21 22:10:23 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/21 22:10:04 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/21 22:09:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/06/21 20:21:03 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/06/21 20:20:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/21 20:20:22 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/21 20:17:33 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/06/21 20:17:12 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011/03/25 13:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
MOD - [2010/01/19 15:23:36 | 007,058,704 | ---- | M] () -- C:\Program Files\VirginMedia\V Stuff Backup\AGMailAgent.exe
MOD - [2009/11/03 16:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files\QuickTime Alternative\AAS\ASL.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/21 13:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2006/10/18 17:51:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/10/18 17:50:22 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/01/19 05:33:38 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL
MOD - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe /SERVICE -- (IBUpdaterService)
SRV - [2012/07/01 12:25:45 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/01 12:18:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/29 10:43:41 | 000,119,296 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/11 16:02:56 | 000,194,904 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2007/02/20 12:24:34 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/18 18:01:34 | 000,290,816 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\utqxnjcz.sys -- (utqxnjcz)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SpywareDetector\SDManager.sys -- (SDManager)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\DellBIOS.Sys -- (DellBIOS)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012/07/02 09:29:06 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD9A2461-598C-4B11-9161-C2980DAE7B10}\MpKslb12e0411.sys -- (MpKslb12e0411)
DRV - [2012/04/22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/11 16:04:00 | 000,042,584 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\User\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\User\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/11/08 11:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2006/11/21 23:05:48 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2006/10/19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/09 21:14:16 | 000,280,448 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrvw125.sys -- (W8335XP) Marvell Libertas 802.11b/g Driver for Windows XP (8335)
DRV - [2005/09/01 17:54:26 | 000,032,000 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2005/09/01 17:54:12 | 000,007,936 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2005/08/29 15:45:24 | 000,018,944 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/06/10 06:55:28 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2005/05/17 15:21:00 | 000,010,240 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\SPC610NC.dll -- (SPC610NC)
DRV - [2004/08/04 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/06/15 14:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTKCMOS.sys -- (GTKCMOS)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 F8 83 56 BE 0C CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=IEFM&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ALSV5&o=1665&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=AU&apn_dtid=aus001YYGB&apn_uid=CB741B82-9702-4C53-A724-7811060CD990&apn_sauid=366B91DF-2AB4-49C2-BDA8-57E79A6B285F
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60341
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&FR=chr-vmn&type=oovoo2_0yach&q={searchTerms}
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=WEATDF
IE - HKCU\..\SearchScopes\{687075BD-F60F-4287-BFDF-4B9A496E9792}: "URL" = http://www.dealio.com/products.html?kwd={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C6F93873-0DCF-468C-9BD2-1122A6D12581}&mid=fb9290cceac047d0aeecd151cd34dad0-a268ace63ffdb333fc37218aeddeeadf37433c1e&lang=en&ds=gf011&pr=sa&d=2012-06-12 20:07:48&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AC5C6BAC-4C0A-4DC8-B743-8339002D08B1}: "URL" = http://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363
IE - HKCU\..\SearchScopes\{E5EE3F0C-E097-46D9-AE5A-97A6367338DF}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vendio&p={searchTerms}
IE - HKCU\..\SearchScopes\Live Search: "URL" = http://findgala.com/?&uid=319&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/07/12 17:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

[2009/01/31 16:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/12 01:29:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/06/11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: setuptool = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkjpkkngdbnbhpcggidmeoemlgmgheam\2.3.9.0_0\
CHR - Extension: Babylon Translator = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012/06/21 16:09:01 | 000,000,822 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Auslogics Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Cosmi Firewall] C:\Program Files\Cosmi\Firewall\firewall.exe File not found
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKCU..\Run: [V Stuff Backup] C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe (Steek) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BTRS28059; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; MS Internet Explorer; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; update/00319; 66860803; AskTbALSV5/5.9.1.14019)" -"http://www.eurolines.co.uk/coach/index.aspx" File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found O8 - 
Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM () O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM () O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. 
File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKCU\..Trusted Domains: bancoreal.com.br ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: bancosantander.com.br ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([www2] https in Trusted sites) O15 - HKCU\..Trusted Domains: realsecureweb.com.br ([wwws] https in Trusted sites) O15 - HKCU\..Trusted Domains: santander.com.br ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: santanderempresarial.com.br ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: santandernet.com.br ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: santandernet.com.br ([wwws] https in Trusted sites) O15 - HKCU\..Trusted Domains: santandernetibe.com.br ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: secureweb.com.br ([www] https in Trusted sites) O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.newdc.oum.edu.my/lib/unitemlibrary/support/plugins/ebraryRdr.cab (Infotl Control) O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100223143429 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340292172656 (WUWebControl Class) O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340302579187 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (DownloadManager Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8118A134-8733-425F-9542-24C7A9E3C9A4}: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\t-mobile - No CLSID value found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\PROGRA~1\GbPlugin\gbiehAbn.dll) - C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real) O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil) O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper2.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper2.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll (Banco Real) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil) O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/06/10 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{9fddb5e8-7b52-11dd-ab99-001b7723a208}\Shell\AutoRun\command - "" = D:\wdsync.exe O33 - MountPoints2\{b327e6be-f32d-11df-b139-001b7723a208}\Shell - "" = AutoRun O33 - MountPoints2\{b327e6be-f32d-11df-b139-001b7723a208}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{b327e6be-f32d-11df-b139-001b7723a208}\Shell\AutoRun\command - "" = D:\PlanetGizmo.EXE O33 - MountPoints2\{f0fc92ee-5091-11df-b055-00158316c113}\Shell\AutoRun\command - "" = D:\vgyn6ewc.exe O33 - MountPoints2\{f0fc92ee-5091-11df-b055-00158316c113}\Shell\open\Command - "" = D:\vgyn6ewc.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/07/02 09:36:19 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe [2012/07/02 09:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2012/07/02 09:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller [2012/07/01 19:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/07/01 13:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Search [2012/07/01 12:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2012/07/01 12:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com [2012/06/30 21:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Updater5 [2012/06/30 21:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/06/30 21:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/06/30 19:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics [2012/06/30 16:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All 
Users\Application Data\iolo [2012/06/30 16:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Dell Inc [2012/06/30 15:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Deployment [2012/06/30 15:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr [2012/06/30 15:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center [2012/06/30 15:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PCDr [2012/06/24 14:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\WinRAR [2012/06/24 14:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\WinRAR [2012/06/24 14:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR [2012/06/24 14:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012/06/24 13:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Job related docs and CV [2012/06/22 13:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Livros_Books [2012/06/21 19:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2012/06/21 19:29:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell [2012/06/21 19:29:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm [2012/06/21 19:29:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$ [2012/06/21 19:28:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM [2012/06/21 19:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search [2012/06/21 19:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search [2012/06/21 19:27:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy [2012/06/21 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All 
Users\Start Menu\Programs\Microsoft Office Live Add-in [2012/06/20 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/06/20 18:51:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012/06/20 13:43:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting [2012/06/20 13:43:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2012/06/20 13:43:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2012/06/20 13:18:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2012/06/17 15:07:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2012/06/16 11:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Radialpoint [2012/06/12 22:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PerformerSoft [2012/06/12 22:34:23 | 000,017,464 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe [2012/06/12 22:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService [2012/06/12 20:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Ashampoo [2012/06/12 20:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ashampoo [2012/06/12 20:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo [2012/06/12 20:06:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/06/12 13:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2012/06/12 13:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/06/12 13:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/06/12 13:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/06/10 23:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application 
Data\Toolbar4 [2012/06/10 22:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012/06/10 22:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2012/06/10 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\uTorrent [2012/06/10 22:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\setuptool [2012/06/10 22:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\CRE [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [16 C:\Documents and Settings\User\Desktop\*.tmp files -> C:\Documents and Settings\User\Desktop\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/07/02 09:53:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FE623624-F402-4679-8AD1-AC1494E77203}.job [2012/07/02 09:49:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{31703581-30B9-43EA-93AE-8469AA7D9596}.job [2012/07/02 09:36:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe [2012/07/02 09:25:17 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/07/02 09:16:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/07/02 09:14:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/07/02 09:14:48 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys [2012/07/02 00:06:27 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Word.lnk [2012/07/01 12:39:47 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/07/01 12:39:47 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk [2012/07/01 12:15:18 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk 
[2012/07/01 12:01:19 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Update Checker.lnk [2012/06/30 22:50:52 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk [2012/06/30 22:50:52 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/06/30 21:52:11 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/06/30 21:09:39 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/06/30 16:56:29 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll [2012/06/29 18:14:11 | 000,000,477 | ---- | M] () -- C:\WINDOWS\lexstat.ini [2012/06/29 11:03:09 | 000,000,092 | ---- | M] () -- C:\WINDOWS\dellstat.ini [2012/06/29 10:32:34 | 000,407,207 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Dito na sua Sala, esperando algum jogo do Corinthias!!! Rs....zip [2012/06/28 22:52:25 | 000,074,966 | ---- | M] () -- C:\Documents and Settings\User\Desktop\532102_385523391508349_1710843818_n.jpg [2012/06/21 21:02:57 | 000,503,900 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/21 21:02:57 | 000,087,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/21 19:27:26 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2012/06/21 18:43:25 | 000,142,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/06/21 16:09:01 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/06/20 19:27:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2012/06/20 13:31:48 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/06/17 15:40:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/06/15 23:20:16 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virgin 
Media Digital Home Support.lnk [2012/06/12 20:21:38 | 000,000,021 | ---- | M] () -- C:\Documents and Settings\User\Application Data\ISOWorkshop.ini [2012/06/12 13:23:06 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/06/10 23:25:55 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [16 C:\Documents and Settings\User\Desktop\*.tmp files -> C:\Documents and Settings\User\Desktop\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/07/01 13:25:35 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FE623624-F402-4679-8AD1-AC1494E77203}.job [2012/07/01 12:15:16 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk [2012/07/01 12:15:16 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk [2012/07/01 12:01:19 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Update Checker.lnk [2012/07/01 12:01:19 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Update Checker.lnk [2012/06/30 21:09:39 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/06/30 17:57:57 | 000,083,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/06/30 16:56:29 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll [2012/06/29 10:32:31 | 000,407,207 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Dito na sua Sala, esperando algum jogo do Corinthias!!! 
Rs....zip [2012/06/28 22:52:43 | 000,074,966 | ---- | C] () -- C:\Documents and Settings\User\Desktop\532102_385523391508349_1710843818_n.jpg [2012/06/21 19:27:26 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk [2012/06/21 19:27:26 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2012/06/21 19:22:16 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb [2012/06/21 16:37:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/06/21 16:37:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012/06/21 16:37:02 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll [2012/06/21 16:32:52 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll [2012/06/21 16:32:52 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll [2012/06/20 19:37:11 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2012/06/20 19:27:13 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/06/20 13:32:56 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2012/06/20 13:32:53 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2012/06/20 13:32:49 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2012/06/15 23:20:16 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk [2012/06/12 20:21:38 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\User\Application Data\ISOWorkshop.ini [2012/06/12 13:23:06 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/06/11 01:16:34 | 000,126,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application 
Data\WPFFontCache_v0400-System.dat [2012/06/10 23:14:51 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog [2012/06/10 22:46:09 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/06/10 22:46:08 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk [2011/09/03 19:36:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\aespro.ini [2011/04/02 20:01:16 | 000,012,524 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\jcl665ep0rnlp562hps [2011/04/02 20:01:16 | 000,012,524 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps [2010/10/03 23:07:50 | 000,003,594 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel [2010/09/16 22:36:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2010/03/02 14:44:41 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\User\Application DatadMb.dat [2009/07/30 20:06:46 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\User\Application Data\burnaware.ini [2008/09/24 23:36:04 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat [2007/09/12 23:40:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Application Data\AVSDVDPlayer.m3u [2007/08/10 01:33:59 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2007/08/10 01:11:50 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== LOP Check ==========[/color] [2010/02/18 12:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2012/06/12 20:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo [2008/08/26 11:31:32 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7 [2012/06/21 16:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSoftware [2010/02/18 14:36:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\be0ca07 [2012/05/11 09:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth [2007/08/02 23:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2012/06/12 20:06:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/10/03 21:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2009/08/24 08:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier [2010/09/15 12:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure [2012/06/01 09:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GbPlugin [2012/06/13 12:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService [2011/08/16 22:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2012/06/30 17:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2009/08/27 14:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage [2012/03/30 14:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! [2012/05/13 14:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 
for Skype [2012/05/31 21:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2012/03/31 15:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security [2011/04/12 23:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2008/02/14 20:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2012/06/30 15:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr [2012/06/15 23:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint [2010/02/18 12:14:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SARDURPEZV [2009/02/20 11:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2011/04/16 17:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc [2012/06/03 01:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software [2009/02/24 17:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! 
[2012/07/01 12:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2009/04/01 10:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/12/13 02:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer [2010/10/27 14:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper [2012/06/15 23:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media [2009/12/10 20:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirginMedia [2012/06/12 13:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/04/03 20:28:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0 [2012/06/12 20:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ashampoo [2011/04/03 18:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics [2009/08/27 21:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\bppeng11 [2008/02/14 20:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Datalayer [2011/04/12 22:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DriverCure [2012/06/30 19:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics [2010/10/03 23:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0 [2011/01/12 21:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ICAClient [2008/05/05 10:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ieSpell [2009/02/20 16:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application 
Data\IObit [2007/08/03 01:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech [2008/06/25 00:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire [2012/05/31 22:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia [2011/09/07 17:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ooVoo Details [2010/02/18 13:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\oovootb [2009/05/29 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Panda Security [2011/04/12 22:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ParetoLogic [2012/05/31 22:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite [2012/06/30 15:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PCDr [2012/06/13 09:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PerformerSoft [2012/06/16 11:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Radialpoint [2011/04/16 17:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpeedMaxPc [2012/05/19 21:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SpeedyPC Software [2012/06/10 23:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Toolbar4 [2010/04/03 12:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trusteer [2010/11/09 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TSO [2011/04/03 18:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Uniblue [2012/07/01 12:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent [2011/04/16 17:51:37 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\User\Application Data\Virgin Media
[2012/06/21 19:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2012/07/01 13:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2012/07/02 09:49:09 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{31703581-30B9-43EA-93AE-8469AA7D9596}.job
[2012/07/02 09:53:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FE623624-F402-4679-8AD1-AC1494E77203}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 412 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:C40EEE98_Cef.gbp
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:C40EEE98_Bb.gbp

< End of report >