I followed the advice on malware page as suggested,
scanned for malware using malwarebytes, also used tfc and then scanned with otl
malware found and healed 2 objects
hijack.displayproperties
rogue.multiple
do you know what these to things are?
otl results
OTL logfile created on: 15/06/2009 19:47:37 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\jimmy\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16851)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.43% Memory free
4.00 Gb Paging File | 3.07 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 163.58 Gb Free Space | 54.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JIMMY-PC
Current User Name: jimmy
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ========== PRC - [2007/01/09 22:59:00 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 01:19:00 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2008/10/14 22:02:52 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2007/02/16 20:08:14 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
PRC - [2009/05/20 17:55:10 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2007/01/09 22:59:00 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/11/02 10:45:47 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe
PRC - [2009/02/17 14:41:02 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PRC - [2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/06/26 16:04:40 | 02,165,256 | ---- | M] (Xpertvision, Inc.) -- C:\Program Files (x86)\XpertVision\TBPANEL.exe
PRC - [2009/02/04 15:24:38 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2007/01/09 22:59:00 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/01/15 21:07:52 | 00,084,480 | ---- | M] () -- C:\Windows\hffext\hffsrv.exe
PRC - [2009/06/12 12:13:05 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2009/04/24 17:25:27 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2007/03/02 16:51:40 | 00,173,672 | R--- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Smart Web Printing\hpswp_clipbook.exe
PRC - [2009/06/15 19:37:06 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\jimmy\Desktop\OTL.exe
========== Win32 Services (SafeList) ========== SRV - [2008/10/14 22:02:52 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/02/16 20:08:14 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc [Auto | Running])
SRV - [2009/05/20 17:55:10 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2006/02/28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/01/09 22:59:00 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/09 22:59:00 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2006/11/02 07:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/20 02:12:21 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2007/01/09 22:59:00 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2007/01/12 20:40:00 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2006/11/02 16:03:48 | 00,346,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Running])
SRV - [2006/11/02 16:03:48 | 00,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])
SRV - [2006/11/02 16:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/03/30 00:57:11 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2006/11/02 16:04:35 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/17 14:41:02 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c99105677a0620 [Auto | Stopped])
SRV - [2009/03/24 15:20:33 | 00,183,280 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/11/02 16:04:35 | 00,781,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/01/14 00:11:00 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2007/01/09 22:59:00 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/11/02 16:04:36 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/03/30 00:37:02 | 01,251,720 | ---- | M] () -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2007/01/05 01:19:00 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2008/08/08 13:35:44 | 01,622,016 | ---- | M] (??????????) -- C:\Windows\system32\Nagasoft\vjocx.dll -- (vvdsvc [Auto | Stopped])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/11/02 16:04:42 | 01,214,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Driver Services (SafeList) ========== DRV - [2009/06/12 12:13:07 | 00,416,264 | ---- | M] () -- C:\Windows\sysnative\Drivers\avgldx64.sys -- (AvgLdx64 [System | Running])
DRV - [2009/05/20 17:55:28 | 00,033,352 | ---- | M] () -- C:\Windows\sysnative\Drivers\avgmfx64.sys -- (AvgMfx64 [System | Running])
DRV - [2007/03/16 11:11:20 | 00,015,648 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\SysWOW64\drivers\TBPANELX64.SYS -- (Cardex [On_Demand | Running])
DRV - [2008/01/15 17:09:42 | 00,047,470 | ---- | M] (Silence of Troubles United Company Ltd.) -- C:\Windows\system32\drivers\FDCENT.SYS -- (FDCENT [System | Stopped])
DRV - [2006/11/02 06:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\sysnative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/03/12 09:30:08 | 00,359,472 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080623.001\IDSviA64.sys -- (IDSvia64 [System | Running])
DRV - [2007/01/30 05:19:28 | 00,579,072 | ---- | M] () -- C:\Windows\sysnative\Drivers\dvb7700all.sys -- (mod7700 [On_Demand | Running])
DRV - [2006/10/31 16:23:42 | 00,015,680 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2007/01/22 09:09:34 | 00,054,784 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\SiSG664.sys -- (SiSGbeLH [On_Demand | Running])
DRV - [2007/01/09 15:32:00 | 00,016,696 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2008/08/18 13:50:28 | 00,172,080 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/01/09 15:32:00 | 00,152,888 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2007/01/09 15:32:00 | 00,048,440 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2007/01/09 15:32:00 | 00,043,832 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Running])
DRV - [2007/01/09 15:32:00 | 00,037,176 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/01/09 15:32:00 | 00,278,840 | ---- | M] () -- C:\Windows\sysnative\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2007/03/16 11:11:38 | 00,012,256 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel [Auto | Stopped])
DRV - [2008/02/12 04:59:18 | 00,297,496 | ---- | M] () -- C:\Windows\sysnative\Drivers\vmm.sys -- (vmm [System | Running])
DRV - [2008/02/05 02:50:42 | 00,079,416 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\VMNetSrv.sys -- (VPCNetS2 [On_Demand | Running])
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: (266075 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 9217 more lines...
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Gainward] "C:\Program Files (x86)\XpertVision\TBPANEL.exe" /A (Xpertvision, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HFFSRV] c:\windows\hffext\hffsrv.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}
http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345}
https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
http://gfx1.hotmail....NPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D}
http://59.60.191.66/spvod.cab (VodClient Control Class)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2}
https://signin3.valu...018/flashax.cab (FlashXControl Object)
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}
https://register.bti...bcontrol028.cab (webhelper Class)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/15 19:36:59 | 00,000,000 | R--D | M]
O34 - HKLM BootExecute: (lsdelete) - File not found
========== Files/Folders - Created Within 30 Days ========== [2009/06/15 19:36:55 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\jimmy\Desktop\OTL.exe
[2009/06/15 19:36:39 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\Users\jimmy\Desktop\TFC.exe
[2009/06/15 17:42:14 | 00,000,000 | ---D | C] -- C:\Users\jimmy\AppData\Roaming\Malwarebytes
[2009/06/15 17:42:10 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/15 17:42:07 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/15 17:42:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/15 17:42:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/06/15 17:40:09 | 00,000,230 | ---- | C] () -- C:\Users\jimmy\Desktop\Free Antivirus and Antispyware Software.url
[2009/06/15 17:37:43 | 03,371,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\jimmy\Desktop\mbam-setup.exe
[2009/06/13 12:27:14 | 00,000,000 | ---D | C] -- C:\Users\jimmy\Desktop\New Folder (6)
[2009/06/10 13:38:28 | 00,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/10 13:38:24 | 00,672,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/10 13:38:01 | 03,596,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/10 13:37:59 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/10 13:37:59 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/10 13:37:58 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/10 13:37:56 | 01,159,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/10 13:37:54 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/10 13:37:54 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/10 13:37:53 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/10 13:37:53 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/06/10 13:37:53 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/10 13:37:53 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/10 13:37:53 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/10 13:37:52 | 01,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/10 13:37:52 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/06/10 13:37:52 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/06/10 13:37:52 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/06/10 13:37:52 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/06/10 13:37:51 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/10 13:37:51 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/06/10 13:37:51 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/06/10 13:37:51 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/10 13:37:51 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/10 13:37:51 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/10 13:37:51 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/10 13:37:50 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/10 13:37:50 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/06/10 13:37:50 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/06/10 13:37:50 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/06/10 13:37:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/10 13:37:49 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/06/08 21:27:55 | 00,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2009/06/08 20:33:27 | 01,506,444 | ---- | C] () -- C:\Users\jimmy\Documents\36 ascot back gdn mum design.skp
[2009/06/07 16:13:23 | 00,214,760 | ---- | C] () -- C:\Users\jimmy\Documents\36 ascot back gdn template ish.skp
[2009/06/07 14:02:14 | 00,207,959 | ---- | C] () -- C:\Users\jimmy\Documents\36 ascot back gdn extend top step.skp
[2009/01/17 15:56:27 | 00,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009/01/17 15:56:25 | 00,000,113 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2009/01/17 15:56:12 | 00,000,978 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009/01/17 15:56:12 | 00,000,370 | ---- | C] () -- C:\Windows\powerplayer.ini
[2008/08/09 19:50:52 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/08/09 19:50:51 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/08/09 19:50:49 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/09 19:50:49 | 00,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/09 19:50:49 | 00,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/08/09 19:50:48 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/08/09 19:50:47 | 00,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/03/30 13:26:38 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/03/28 12:45:03 | 00,000,558 | ---- | C] () -- C:\Windows\DFC.INI
[2008/03/28 12:16:11 | 00,008,523 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/03/28 12:08:54 | 00,008,296 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/03/28 12:08:47 | 00,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008/03/04 18:52:34 | 00,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2007/10/31 09:39:54 | 00,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/08/16 05:23:28 | 00,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll
[2007/05/17 13:58:10 | 00,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2006/11/02 13:34:27 | 00,000,660 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 13:34:27 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/09/13 12:06:10 | 00,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
========== Files - Modified Within 30 Days ========== [2009/06/15 19:48:31 | 00,000,558 | ---- | M] () -- C:\Windows\DFC.INI
[2009/06/15 19:44:51 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/06/15 19:43:36 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine.job
[2009/06/15 19:42:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/15 19:42:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/15 19:37:06 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\jimmy\Desktop\OTL.exe
[2009/06/15 19:36:44 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\Users\jimmy\Desktop\TFC.exe
[2009/06/15 17:42:10 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/15 17:40:09 | 00,000,230 | ---- | M] () -- C:\Users\jimmy\Desktop\Free Antivirus and Antispyware Software.url
[2009/06/15 17:37:52 | 03,371,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\jimmy\Desktop\mbam-setup.exe
[2009/06/13 22:35:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/06/13 22:35:05 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/06/13 13:47:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/06/13 13:47:13 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/06/12 21:18:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/06/12 21:18:37 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/06/12 17:43:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/06/12 17:43:31 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/06/12 17:32:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/06/12 17:32:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/06/12 17:10:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/06/12 17:10:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/06/12 13:19:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/06/12 13:19:46 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/06/11 21:05:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/06/11 21:05:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/06/11 13:03:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/06/11 13:03:13 | 00,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/06/10 13:58:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/06/10 13:58:10 | 00,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/06/09 14:38:18 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/06/09 14:38:18 | 00,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/06/08 21:27:55 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/06/08 20:33:28 | 01,506,444 | ---- | M] () -- C:\Users\jimmy\Documents\36 ascot back gdn mum design.skp
[2009/06/07 16:13:23 | 00,214,760 | ---- | M] () -- C:\Users\jimmy\Documents\36 ascot back gdn template ish.skp
[2009/06/07 14:02:15 | 00,207,959 | ---- | M] () -- C:\Users\jimmy\Documents\36 ascot back gdn extend top step.skp
[2009/06/07 13:47:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/06/07 13:47:17 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/06/06 15:51:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/06/06 15:51:19 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/06/06 13:59:04 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/06/06 13:59:04 | 00,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/06/06 13:54:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/06/06 13:54:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/06/05 12:04:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/06/05 12:04:39 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/06/04 14:01:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/06/04 14:01:06 | 00,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/06/03 11:58:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/06/03 11:58:01 | 00,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/05/31 22:09:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/05/31 22:09:38 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/05/30 13:34:25 | 00,208,259 | ---- | M] () -- C:\Users\jimmy\Documents\36 ascot back gdn template.skp
[2009/05/29 11:31:47 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/05/29 11:31:47 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:16E029F0
< End of report >
Thanks for your help so far i hope i can resolve my problem which still exists.