Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows vista won't boot after running Hitman

Started by haniarob , Feb 02 2011 02:18 PM

Please log in to reply

#1
haniarob

Posted 02 February 2011 - 02:18 PM

Member

Member
10 posts

I had some kind of fake Trojan AV virus and had a problem with internet searches redirecting to other sites. I downloaded and ran hitman, but after re-booting Windows now won't start up. I have managed to start in safe mode but have no idea what I can do now. It seems like it won't let me now do a system restore or back up any files.

Can anyone help me?

Would be greatly appreciated.

Thanks,
Hannah

#2
Essexboy

Posted 02 February 2011 - 02:19 PM

GeekU Moderator

Retired Staff
69,964 posts

Are you able to run programmes in safe mode ?

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#3
haniarob

Posted 02 February 2011 - 02:40 PM

Member

Topic Starter
Member
10 posts

Hi - thanks for your reply!

Please see below:

OTL logfile created on: 02/02/2011 20:30:08 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Hania\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.17 Gb Total Space | 28.65 Gb Free Space | 28.89% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 97.80 Gb Free Space | 87.49% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 4.65 Gb Free Space | 46.45% Space Free | Partition Type: NTFS

Computer Name: HANIA-PC | User Name: Hania | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/02 20:29:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe
PRC - [2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/06 03:30:00 | 002,367,488 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe

========== Modules (SafeList) ==========

MOD - [2011/02/02 20:29:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe
MOD - [2006/11/02 09:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/02/02 19:06:22 | 006,347,584 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Users\Hania\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTA7GPLI\HitmanPro35[1].exe -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - [2011/01/13 08:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/06/13 10:17:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/04 13:44:47 | 000,606,720 | ---- | M] (Crawler.com) [Auto | Stopped] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2007/12/13 01:34:45 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/09/07 18:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 21:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - [2011/01/13 08:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 08:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 08:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 08:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 08:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/05/04 13:44:47 | 000,141,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2007/12/13 01:41:40 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/13 01:41:40 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/13 01:41:40 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/25 08:40:58 | 007,617,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/24 09:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 18:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/21 19:33:54 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/12 21:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/27 07:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 07:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 07:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 12:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/07 01:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 23:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 23:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/03 02:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/03 02:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/03 02:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 08:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 07:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/05 00:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/03/02 08:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004/03/02 08:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adiusbaw.sys -- (adiusbaw)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del...c=eu&l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del...c=eu&l=en&s=gen
IE - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/23 17:45:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 19:53:36 | 000,000,000 | ---D | M]

[2009/01/25 18:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Extensions
[2008/06/17 14:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/01/22 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\wespzs6t.default\extensions
[2009/09/05 11:43:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\wespzs6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/22 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/23 17:45:13 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2010/06/23 20:37:58 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/23 20:37:58 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/23 20:37:59 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/23 20:37:59 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [autoclk] C:\Windows\autoclk.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] c:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll ()
O9 - Extra 'Tools' menuitem : Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photob...geUploader4.cab (PhotoBox uploader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photob...ploader_uni.cab (PB_Uploader Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hania\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hania\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27482fdd-4815-11dd-aa81-0021706cd58d}\Shell\AutoRun\command - "" = olb1iimw.bat
O33 - MountPoints2\{27482fdd-4815-11dd-aa81-0021706cd58d}\Shell\explore\Command - "" = olb1iimw.bat
O33 - MountPoints2\{27482fdd-4815-11dd-aa81-0021706cd58d}\Shell\open\Command - "" = olb1iimw.bat
O33 - MountPoints2\{c08b6c06-3bae-11dd-a247-0021706cd58d}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1455063408-4167610277-2528936723-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/02/02 20:29:08 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe
[2011/02/02 19:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/02/02 18:19:28 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/02 18:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/02 18:19:27 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/02 18:19:27 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/02 18:19:27 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/02 18:19:27 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/02 18:18:51 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/02 18:18:49 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/02 18:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/02/02 18:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/29 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Powercinema
[2011/01/25 23:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinClamAVShield
[2011/01/25 20:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/01/25 19:16:08 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/01/23 11:16:25 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Roaming\Awalag
[2011/01/21 07:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Fun4IM
[2011/01/21 07:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2011/01/21 07:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Fun4IM
[5 C:\Users\Hania\Desktop\*.tmp files -> C:\Users\Hania\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/02 20:29:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe
[2011/02/02 19:34:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/02 19:34:10 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/02/02 19:32:59 | 000,027,335 | ---- | M] () -- C:\Users\Hania\AppData\Roaming\nvModes.001
[2011/02/02 19:32:28 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/02 19:17:22 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/02/02 19:15:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/02 19:13:32 | 000,002,924 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/02/02 18:38:30 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/02 18:38:29 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/02 18:19:29 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/02 18:19:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/01 22:06:33 | 228,994,687 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/25 21:37:06 | 000,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/01/24 07:21:48 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/24 07:21:48 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/13 08:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 08:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/01/13 08:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/01/13 08:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/01/13 08:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/01/13 08:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/01/13 08:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/01/06 20:48:50 | 000,000,162 | -H-- | M] () -- C:\Users\Hania\Desktop\~$stings Direct.doc
[5 C:\Users\Hania\Desktop\*.tmp files -> C:\Users\Hania\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/02 19:16:24 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/02/02 19:13:32 | 000,002,924 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/02/02 19:07:21 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/02 18:19:29 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/01 22:06:03 | 228,994,687 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/25 21:37:06 | 000,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/01/06 20:48:50 | 000,000,162 | -H-- | C] () -- C:\Users\Hania\Desktop\~$stings Direct.doc
[2009/01/25 19:26:46 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/07/16 18:12:50 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/04/05 21:08:57 | 000,024,206 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\UserTile.png
[2008/03/03 12:30:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/03/03 12:30:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/03/03 12:27:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/03/03 12:25:28 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/03/02 13:42:47 | 000,141,312 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2008/02/19 16:03:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/02/12 15:28:51 | 000,004,096 | -H-- | C] () -- C:\Users\Hania\AppData\Local\keyfile3.drm
[2008/02/02 10:01:28 | 000,007,592 | ---- | C] () -- C:\Users\Hania\AppData\Local\d3d9caps.dat
[2008/02/02 09:54:01 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/01/29 18:53:04 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini
[2008/01/25 17:34:25 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2008/01/25 17:33:45 | 000,001,061 | ---- | C] () -- C:\Windows\adiras.ini
[2008/01/25 17:33:45 | 000,000,154 | ---- | C] () -- C:\Windows\adidsl.ini
[2008/01/25 17:33:43 | 000,143,360 | ---- | C] () -- C:\Windows\System32\coclassfast.dll
[2008/01/25 17:33:39 | 000,046,892 | ---- | C] () -- C:\Windows\System32\adadix16.dll
[2008/01/24 20:58:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/24 20:27:22 | 000,032,256 | ---- | C] () -- C:\Users\Hania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/24 20:21:01 | 000,000,092 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\wklnhst.dat
[2008/01/24 20:18:06 | 000,027,335 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\nvModes.001
[2008/01/24 20:17:23 | 000,027,335 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\nvModes.dat
[2007/12/13 01:42:01 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/12 18:01:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/09 21:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/01/25 19:40:25 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Astei
[2011/01/23 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Awalag
[2011/01/25 18:24:54 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Exri
[2008/04/05 19:04:02 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\FlashGet
[2011/01/25 19:17:33 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Iwam
[2011/01/23 12:17:11 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\NetMeter
[2008/04/11 09:14:23 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PC Suite
[2008/03/03 12:55:26 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\ScanSoft
[2011/01/30 14:26:03 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Spyware Terminator
[2008/01/24 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Template
[2008/06/17 14:48:37 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\TomTom
[2011/01/25 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Yqrupu
[2011/02/02 19:15:11 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/25 19:01:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/25 19:01:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\System32\svchost.exe
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 07:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 07:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 07:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< c:\system volume information|_REGISTRY_MACHINE_SOFTWARE;true;true;true /FP >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\TomTom:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\Research:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\My PaperPort Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\djvureader[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\Audible:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Desktop\trójka.asx:Roxio EMC Stream

< End of report >

OTL Extras logfile created on: 02/02/2011 20:30:08 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Hania\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.17 Gb Total Space | 28.65 Gb Free Space | 28.89% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 97.80 Gb Free Space | 87.49% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 4.65 Gb Free Space | 46.45% Space Free | Partition Type: NTFS

Computer Name: HANIA-PC | User Name: Hania | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1455063408-4167610277-2528936723-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CB978B38-0288-40F2-ADFD-1EC7980F7488}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033B226C-2010-484B-B6E7-371BFE3E4DDC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05322CAA-2F5E-4004-8C56-3C522DA142A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0560688A-8E2E-432C-8136-1B517FF61AA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05A5E345-95DC-4092-9144-E159CA5864F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{061CEB87-6A7C-4949-9BB5-043B8EC250A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{066B891D-7F39-4A82-BD69-1A0F6738188E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07712E8A-2DDC-4E9F-83D8-A96321AFB330}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{079FCC3F-2EDC-42C8-898A-1BB5FD168F38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0837DA06-F66A-4D7F-9920-279F3B8C03BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0839FFF4-9B71-4ADA-B5DF-C8ED9C25CA0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{085CCF62-0A58-4D20-BF70-B7A524875BF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{088E9CE6-7500-42FA-B4FD-DDD69D851B56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09983085-E302-4F78-8615-1E81919DDD68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A022833-8962-49C5-850F-CC9DB8C7D4EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A4FF12F-CA30-4956-AD19-62C5956B5271}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CC65B41-B24B-451F-9A17-B6417A91A697}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D575BF3-CFF8-49F6-BAC3-2E096A57A23E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D6F35DA-D3C8-40F1-9FAF-6999723501BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D859054-BFF8-4FE0-8A06-D7F0038BE7A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DD08242-7D2A-4B49-979B-BCBE868A708D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E4FB45A-7815-4D88-BC50-CB3D9E56D947}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E9F6AD7-EA29-4F14-A7D3-D13AB370E028}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0ECE233C-E036-4077-8EB0-CD5AF5FBEE4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{101A400C-50A3-406A-9E23-7413E067B312}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10E5FA25-FB5B-47F1-8DC7-0C731395B40F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{116E6D2F-428C-40F9-B29A-3B9D2122ECAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1191DC49-4938-4CD8-8BA8-4CBCF503DF2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11EA72D4-C580-4DE2-940B-E4260241E83F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1264F827-7B19-4344-94A5-2E13F4BBE069}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{154B4128-DD4C-4784-AC11-AF9974ABEAC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{163DB28D-C099-498D-B0F2-8701214B2F30}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16A71FEF-D197-4B96-B586-826A4FD8B8C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16C6A5C0-F60C-4BAC-92F6-480A314C5FED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BEB454A-D0E3-4432-939E-80D2853CD0B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DD6BC1D-A17E-4CDB-B9D8-409BBB62523B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E63B786-A71E-477A-820F-593DD70870C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1ED9477C-8E53-4C96-8D50-4BD98DB943B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{207FA267-57E5-4826-A240-ED41BC70406F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2225EDC8-0377-4DA7-9CCA-F5EE69AF9667}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{226BC0F1-E65F-4E0C-A231-D76D0487F645}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2353BFF6-6A85-4F86-87D0-4037BCB77452}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{243E6C85-7E16-4A8B-9340-1403D694F6F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{269BEB26-CE48-487A-9A72-102F139CB28F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26BBCB0F-D190-47F3-A4CB-06C1F870F31F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28214C59-4B47-4AD9-8D86-DFCB11FF5378}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29AD8985-38D5-4EA5-9B70-97D3606FAEC8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2BAED42C-2D7D-4BC3-A131-2664B506D370}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C20048F-5146-4CA5-AF42-B70BC9AFF121}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C698606-C13B-4077-9664-A797C7472025}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F37006B-C7E0-4B88-9FEB-84442D5FA1E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F5C0296-9FBA-423F-86F5-8A476F2F31AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3181B119-8353-4168-917A-3D7692BD6EF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{330513F3-F7AD-4700-8DFA-DDA498B552FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33B354DA-C842-4B41-B582-771C8C43612F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{363BBFFE-6CEB-48F2-A098-8AA854BF2276}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3653ED57-FA60-48E9-9826-1C76177794C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36BAE843-F375-4CAB-9F7E-325FEAC39164}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{374C2A51-9E86-4AF1-AD6D-3CD600B7B644}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3999C808-B146-4980-BED2-28DC862BA276}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39A9331F-05E9-47A3-AAD5-C126568F54B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39E2323E-B750-4A86-8608-2A8EAD61952C}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{39EE26D9-5D98-48EA-A491-C6B8A5403FF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A060A6E-317B-410C-A1BE-84F35A9A34C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A62E2AA-08CD-46F8-8636-D46B172E4002}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B8B5FA1-25FB-4F1F-BE7C-8795F11B4BA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C228303-C495-45BD-AC40-A12B42A190D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D24C782-782C-4770-98F5-3A749C0CFAF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E4DBEC8-6DAC-4D27-B935-D60E1994BD72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EDB8304-9D23-4496-AFEE-78861FA024F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40FD0927-CC69-4A88-BC9E-A97B40762663}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41EB3FDE-DC7D-42A1-93D4-75BA08EE4198}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4423CE29-616D-437B-B75D-E1B70141B647}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44618D52-DB27-4042-BD78-26F8D90206CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{448C8096-A291-4AE9-9536-CE00034C39F4}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4539B48F-D915-4771-9FFA-22CE8FC1211D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46102CAD-BF22-4CB9-B390-0D8FBC521264}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4630F1B9-33F4-4E86-9ECA-A866AB1C49A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46F17930-1B60-4D47-B31D-7EB87960C924}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47B091CE-01A8-4E1F-A5E2-484B2A16777B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{48484290-0BD7-404F-8971-233206017959}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4912CA3C-6CB9-43AC-B99E-C55AEF93071E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{491D2539-C5DF-4463-B354-4F6DE87A68C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4924E3C0-5709-4741-84C9-BA027EDF8AA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A136128-0F02-488F-847B-54D1E16BDBD1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AA2C8A4-A537-423B-95AB-AE29F9D6640D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AD6688F-F236-42F1-9D2C-3365C7A29611}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AEAFB42-4657-4371-BF1C-3D454C384E1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C850798-60BF-4CB1-A04C-6404A1E6276C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F866DCB-C1F9-4779-B209-6DBD39E42100}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F9DCEE0-5266-4789-B4E1-48BEAF7633D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{502EF522-68C5-403F-9A4E-D98A405569D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50BCAB65-B5A5-4D74-9B85-42A49CDFEEFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{510F88B2-018F-4CBD-9ECC-0BA16CB22416}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{517FF834-6181-4276-A8E4-115D2686CCAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51C76A8F-7EC4-4C68-8D8E-34E666CB85B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54D940B1-A3C9-4A42-8668-C67776F6B1EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55359C14-6FF6-4CF4-84C2-0A45CBD090A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5689E084-3738-4B86-8EB6-8BC275929AE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57FEAE8D-BF82-4E07-9819-98AF7A5C9813}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58B242B5-14DD-47B2-91E5-54324ED0E3C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58C390FE-9558-4E9C-95A0-AFA5EB2240EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A5540C7-5888-4039-9F69-B21AFC5453B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B127855-9F72-468A-8B10-38C9A6C2B9E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C34D45C-E3AC-443B-82F6-50DBDB17D69E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CA8B97E-F89C-4A6B-9D5B-3BD8B6037903}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D01F49D-57B4-4400-85E5-1F23D8D374C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D14C317-91BB-4D6B-BE62-1CA2431DA30F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F16D75E-2F7E-467A-B066-D985C6937BEC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F624D35-6668-43B5-B529-8E4761DC9EBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6001B77A-E191-496D-9F9B-9A0423B74145}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6056B57C-65CE-4A4C-87A4-CE7D92652F38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61ED9590-2B85-498F-B8E2-16111DCB9E77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6296E9AF-AF44-4780-920A-629E08789B88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62AF84CF-0166-46DC-A81E-1BAA204D6EFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62F08D48-F2F8-4BFD-BBAE-360CD47F99C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{633572B2-9E36-4623-AF2A-E9FBE600F98E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{637ACF45-A4C1-4084-AE48-A5D9FC996A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63D97BF9-53A8-4E91-816F-EDAC1F75D823}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6632FFCC-ED6B-4A56-99C5-C140381EB2CB}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{67733615-D81D-4E47-B0A4-9601EEE94E14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68139BB2-3C5F-441C-95E1-ED0BE73D0ABC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68960711-3606-4CF9-BC06-CB4F87638B08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AA5A511-8BD7-425F-8F5F-1BC8313C7F15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AAD10B2-6779-4D31-8BDC-9EC3A834769E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C08D7A8-C15F-4604-9959-9924A61A421C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6C32F51A-E207-4E58-887F-804F0E9AE27D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E48A790-7D77-4A6B-9CFD-22EB91C89777}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E65A45C-D4B1-4FBF-B3E1-9EF672618C6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6ECCD69F-9A95-4BE2-9FE4-7029C400A310}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F4C17D6-6036-4E37-92E9-6AD427F3442A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FD058B5-3D9A-4C4A-9188-BE42B7D8D4DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7087B1F5-F45C-4A47-B5A3-30ED6C398C43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7137DB7A-2B7E-40F8-AD0D-F4020C47BE45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72F26D0B-89DA-4C4D-A996-33379988F15A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73145253-367F-4777-8533-85885E7977AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{733AEF56-69B1-42AD-AFDF-B01562FD32A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76C4966F-CE7D-476A-A65D-77B91B23060E}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{76F2E84C-54FF-42F9-B935-E4C90678EB18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{772C8708-8BAE-4D8B-B395-07FE3720B40C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77C9EE37-45E9-487F-98AC-AD722666058A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{786DC93B-23BE-4500-8307-B580D8EA27C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A2F900B-98A4-40D6-A6BD-ABE78DCC733F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A4D2219-43CA-4DAE-A164-A426E28E2CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D4D6441-EFE8-46C7-BC8B-9C28DB695ABB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DE27D87-D8BD-479D-B621-EFE75A1C749A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DE356D1-5623-4C91-A8CE-922B229FC5A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8064F81F-F9CD-4260-8831-C29EC066EB1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80830B38-616C-46B3-AD8B-46F5987AEA38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81ECE11A-8C31-4BFA-A9E3-162BB849337A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{839146B2-C45B-4A71-B6B7-9C7194593887}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83B4CE79-BCCA-4F12-ACF8-A857A296C8D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{845674DF-7437-40B5-8C68-A2BF0E026AA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84AEB688-87ED-4391-87AB-F46A1884F245}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85BF3BAD-9A5E-4820-8400-4D647662A712}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{866FFB08-4970-41B5-8086-C7A39F21700A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{895C4839-43BB-4906-9D5F-435BB40A888A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B547902-C739-43BD-B7AA-9370C71E78A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BC7CED6-154A-4F96-9DC7-CE09A9241594}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DA2762D-62CF-4160-8FB7-072154D8F83B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DDACA30-BF0C-4237-B238-549A3BDC5086}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E1CF7AA-623C-4452-9360-3B375A307826}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8EF69B55-30D7-42B7-A8EB-3E9886449EBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F4A86F3-743F-4EFA-BBEA-45538E914501}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9084B980-BBAA-4D91-819C-84AD5EE18432}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90A6405B-F18F-43AC-B1EA-EE26FB4A2679}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90FE5F6A-61E7-463D-BDF6-D2656F418EA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91F59189-EEE1-4BB4-903F-1ECD19F75778}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9289F0F7-0AC4-4672-A954-79A61CA7EDAB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{92E2831A-500D-4BDD-995F-749B3450FED8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93D38334-3E21-4060-8304-BB258A0E595E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{940BB734-4D8D-488E-B8AA-115B06B69866}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94A27E3C-3D71-47B9-A4C1-B68E334E4D03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{965CE278-6B43-400B-B575-5F284A96AC04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97AC0E11-687E-45D6-853C-701211FA15DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{991396A4-E989-4179-9A7F-0B3070137D91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{996AD9FB-A4E3-4AE5-96F7-6F9316DF817F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A4C6B57-43D2-4C53-9367-0D68E29E3C1C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{9D0F7A75-99EF-404A-9FE8-A25465B68EF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D3C931B-37C2-46A5-B3E3-24ADD2DBD809}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F40FDD6-3DE7-4AE8-8674-FFF1D2D00CC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F53D3C8-066D-413B-994F-1D46F63B0834}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0A34C1B-12B6-43F4-9000-1E4FFD7AAF10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0A9D8DA-EC1B-4536-8C7B-78BA9F07A7BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1181144-EC63-4171-8BB9-A4E4B381290B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A1A48E9B-81B6-484C-AFFF-8AA68395747E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1C35AC3-6AF6-4662-A817-14103CDCDAA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2B91576-954C-4002-AAC1-772C2A7AFBA1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A42E9628-231C-45AC-8CF8-AC3855B61034}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A66D4DD2-372B-4CF7-8E13-65622FC92C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6D0EAA6-D296-498E-AA07-61437B344F8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7450313-EC8D-498F-B5F7-1C32D1D949D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A839FDB1-EAC0-4EEB-B0A6-06E3A0D37B8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A858D31B-42FC-44F6-85C3-F8224E5B9DBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8F3D182-9E01-4AF4-BBD2-FDFBC16E6311}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A93ADA5A-ED91-44EC-9F2A-DA9104EDC1AF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{AA0D8454-7784-4A71-A0BB-020A5FE0E225}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA3CAAC3-CDD4-4290-99FB-09CD50B49093}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA610FAD-82A4-49DC-A6A2-8ECC409916FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB0C12BA-84C6-4A42-92B6-693868B10058}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB3F92B0-0940-4041-958C-820AE2D77F5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC9CAB2D-6F75-46E4-A15A-69491B80C40D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AEF28A55-E38B-40AA-A84B-1BC6C8969D18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1D0BB8C-18C2-4E65-9C54-8F3E944724EC}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{B2C3939E-6445-4D18-9755-01DDA8C03890}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B379963A-241F-4660-8AB4-3B35369DD20E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B37CB26A-A0A8-428C-A80C-105EE7DFADD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B42676D6-89B5-4495-B8D0-8339D6AE8C5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B49FF01D-5732-4D0B-BF9F-AD59D64F08F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6306C33-BE9C-43C6-B13B-311EC2C47D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6A59DA2-3463-49E8-9402-7C0938217989}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6EB7594-7C97-4433-B5FC-3F75FA0F46DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6FDB891-730D-4B08-B2D6-3DDD60BD3C2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7A2568E-7A69-4DBF-980F-772CF7A68034}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7C13216-A562-4058-AA43-97D4DD6208CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9C0CB1C-059E-4192-83DA-98D6FD7B2912}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9FFEAB0-B049-4E00-B659-8CC9EC596449}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC06EEAB-9E1F-4240-AB38-1EC698E75D66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BCB18002-CF64-4776-A121-6040C1E6B4E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD3E0EB5-AE13-47AE-883D-178E1D9CC7D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF7867E9-F9A2-4F36-997A-3A781C0B5779}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3DDE195-71C6-4318-BA15-89121063D198}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C48400EC-227A-4BC5-943C-4CEC606123D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4ECC2E7-2B66-44C8-AAA6-F29937A5E414}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C59355F4-DAA9-428F-89BF-6C32377439A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9CA2D9B-3FE1-4B48-B608-386E6C00162E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9D061DF-30AF-49C4-85B7-C9F1FCFDB97A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC3A32AE-C5A7-49D7-B21F-C873CE93BEDB}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{CD24C9DB-310B-4059-A4C6-CDE17EC9C8E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD46FBC4-E84D-4FAE-BB55-FE88A6185F13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD47A3F7-40CF-47A1-BF93-ACA4A60658A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE6FD650-7CC0-402D-88E7-AF7D2DF7AD92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF8447EC-D2E7-4BD7-9CA4-069A82CF94B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D04D4578-C257-4835-89A0-9D657FFE8025}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2CF43A4-FE30-460C-8AA6-F6C4ACFE091E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4B1713E-81CD-445A-950F-9188837A8499}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5C57C19-499D-41D5-885B-DFB9C517FAD3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D62D30E4-BA03-4739-80F8-CEB88C8B1CF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6CFC9BE-2A88-40FF-8E01-1957B8B2881E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6D299DC-BA3B-4186-AC9F-CAB3CB67F300}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D908529C-AF5A-441A-9329-5351A15980E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB89A73F-FEFD-44BC-B65A-9531CF54B90A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBD4F44F-2B1D-4D88-A2EC-975C60C18F14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC9ADB40-AC46-49E4-935A-527952B5CDAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD5D6276-E775-4C2A-9437-22F145670473}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDE504E6-48BD-49E1-B15C-A4A4ED8812D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE416B81-868F-4EBD-8ACD-9185E2B138A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DEE7EC5D-8406-4A6B-A7A9-D031D0EC344C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2C43DFB-00AD-4283-B5AC-356A2DD2C6BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E417C2C8-CA25-40A9-825F-066CD86DFC00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4C0BDC4-1B75-4D32-85D9-94B35E74A9D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7940DAC-035D-4CC1-ABA3-C99338313935}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7B61408-B0F0-4AE3-B20B-D5199EC52391}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB49EFBA-816A-4563-8F6C-4C7B935FF07C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC206BD9-76EB-41F8-9870-D898C5CEE7C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE362E83-DEB3-4682-A8E1-102D4452FFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE7A6CD3-20EE-4568-BAE4-AC9650D6632F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EEB5F2C6-3D15-4FE1-B310-19B8CCF83683}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF5E18E8-0748-475D-9B2F-F30F634B6A3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFD1EC45-8471-470D-B08D-1A82A44C6EE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1E9CBF8-D42B-4E8C-A6C0-62BD7EEF0156}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2464649-D48A-4FCB-9F66-3945B64AFED1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F359FAE8-4767-4F2A-894D-202A30B85DC8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3875CB9-37B8-4AB7-BCD1-93B766FC1B22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F49C72C9-44FE-46B2-81C2-A2199033E0AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4CEACE8-C05A-4C54-8276-2420BD02A1FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F55A0FDD-724F-4EAB-9372-FB2798421E99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5741916-60C3-42CF-90E8-EF269E315D52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6DE8458-AF46-4EB0-9071-FB06D85D1857}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F74B39F9-9A08-4BDC-974A-6B397FC4D6AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7611A92-6F9E-4ABF-A6DA-1288C51585EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F84E48D4-1C4A-4113-AD61-075AFE6CFD85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8B7717A-D135-4532-9BD8-E9BAE40A466F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F96582DE-551F-42A2-89A2-C57627E51368}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FAA473A4-3D21-4687-82D8-960C3EC7EBBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCA195A1-39D2-4DED-9F22-D36A44516E08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEB53820-155B-4D7C-B80C-1C9E86EF6716}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF2F2E8E-1FB4-41B6-B882-97D47951018B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FFCDDD98-8995-43CF-BC38-C2F2F08FA5CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{03D7ECF1-F5CC-483B-B503-2E825A3F29F9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{377A4647-1F78-4011-B9FA-AFDE86030504}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{3CCB69ED-C346-4DF5-8D8C-AF156AC8AB18}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{53700A54-F78F-46BD-A5EA-F76B0270925E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{7AC90F5E-5A00-4ED3-A801-5E4D9DF35656}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BB504FA2-25E1-4CEC-8752-26078100E12B}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{E9654091-EFB5-4A91-B858-A9E8318D8A53}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F0C76A83-49CB-427F-ACE4-696084468209}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F9C880D9-8454-48E0-90A8-A9F057D7CD80}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{09AE78A8-AD94-4DDF-91E2-202EE38B48C8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{25ED9BF4-4618-4DAC-BDBD-2AFDBC5D3E4E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{545B1D71-AD69-4222-905B-A11D0C44C5BB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{609E843F-6764-4694-8744-22DCCA371334}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{712F5E1D-F12A-4E31-BB91-0882655A59A7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{8C40806C-343F-4139-A18D-7DE025E4ABF0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A3DCD4BE-2063-4F7F-B8B3-FCEC8B4A4B23}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{A406B281-63A6-4D19-9FB2-ED88AEA4100F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BFEAC127-492C-459B-80B9-C2E6B6E8EC14}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{35915E20-0B68-4315-9C76-E36FD82695B6}" = XstreamRadio 3.02
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = TalkTalk Broadband
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5A401050-C8AB-4FCC-8F47-19E94156B7F3}" = Birth Chart Interpreter 2
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Byki Express" = Byki Express
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"GoToAssist" = GoToAssist 8.0.0.514
"In The Night Garden" = In The Night Garden Screen Saver
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Standard)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NetMeter_is1" = NetMeter 1.1.3
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Spyware Terminator_is1" = Spyware Terminator
"SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch
"SubEdit-Player_is1" = SubEdit-Player
"TomTom HOME" = TomTom HOME 2.5.2.60
"Wielki s³ownik polsko-angielski i angielsko-polski PWN-OXFORD" = Wielki s³ownik polsko-angielski i angielsko-polski PWN-OXFORD
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
Essexboy

Posted 02 February 2011 - 02:59 PM

GeekU Moderator

Retired Staff
69,964 posts

Well system restore has been disabled and all restore points removed. What did Hitmanpro say it was removing, if you can remember. Once the OTL fix has run try to get back into normal mode

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - [2011/02/02 19:06:22 | 006,347,584 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Users\Hania\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTA7GPLI\HitmanPro35[1].exe -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
[2011/01/23 17:45:13 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
O4 - HKLM..\Run: [autoclk] C:\Windows\autoclk.exe ()
O33 - MountPoints2\{27482fdd-4815-11dd-aa81-0021706cd58d}\Shell\AutoRun\command - "" = olb1iimw.bat
O33 - MountPoints2\{27482fdd-4815-11dd-aa81-0021706cd58d}\Shell\explore\Command - "" = olb1iimw.bat
O33 - MountPoints2\{27482fdd-4815-11dd-aa81-0021706cd58d}\Shell\open\Command - "" = olb1iimw.bat
[2011/01/25 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Yqrupu
[2011/01/21 07:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
haniarob

Posted 02 February 2011 - 03:18 PM

Member

Topic Starter
Member
10 posts

thank you again - I am going to follow your instructions now. Stupidly, I did not make a note of what Hitman was going to remove.
Hannah

#6
Essexboy

Posted 02 February 2011 - 03:24 PM

GeekU Moderator

Retired Staff
69,964 posts

No problem it was just idle curiosity really

#7
haniarob

Posted 02 February 2011 - 03:38 PM

Member

Topic Starter
Member
10 posts

From the OTL scan:

OTL logfile created on: 02/02/2011 21:29:27 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Hania\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.17 Gb Total Space | 32.71 Gb Free Space | 32.98% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 97.80 Gb Free Space | 87.49% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 4.65 Gb Free Space | 46.45% Space Free | Partition Type: NTFS

Computer Name: HANIA-PC | User Name: Hania | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/02 20:29:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe
PRC - [2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/02 09:45:13 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

========== Modules (SafeList) ==========

MOD - [2011/02/02 20:29:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe
MOD - [2006/11/02 09:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HitmanPro35CrusaderBoot) Hitman Pro 3.5 Crusader (Boot)
SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/01/13 08:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/06/13 10:17:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/04 13:44:47 | 000,606,720 | ---- | M] (Crawler.com) [Auto | Stopped] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2007/12/13 01:34:45 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/15 09:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/09/07 18:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 21:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - [2011/01/13 08:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 08:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 08:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 08:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 08:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/05/04 13:44:47 | 000,141,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2007/12/13 01:41:40 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/12/13 01:41:40 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/12/13 01:41:40 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/25 08:40:58 | 007,617,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/24 09:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/07 18:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/03/21 19:33:54 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/12 21:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/27 07:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 07:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 07:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 12:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/07 01:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 23:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 23:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/03 02:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/03 02:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/03 02:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 08:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 07:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/05 00:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/03/02 08:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004/03/02 08:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\adiusbaw.sys -- (adiusbaw)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del...c=eu&l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del...c=eu&l=en&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/23 17:45:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 19:53:36 | 000,000,000 | ---D | M]

[2009/01/25 18:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Extensions
[2008/06/17 14:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/01/22 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\wespzs6t.default\extensions
[2009/09/05 11:43:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\wespzs6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/22 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2010/06/23 20:37:58 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/23 20:37:58 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/23 20:37:59 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/23 20:37:59 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/02/02 21:20:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [autoclk] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] c:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll ()
O9 - Extra 'Tools' menuitem : Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} http://static.photob...geUploader4.cab (PhotoBox uploader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photob...ploader_uni.cab (PB_Uploader Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hania\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hania\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c08b6c06-3bae-11dd-a247-0021706cd58d}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/02 21:20:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/02 20:29:08 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe
[2011/02/02 19:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/02/02 18:19:28 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/02 18:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/02/02 18:19:27 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/02 18:19:27 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/02 18:19:27 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/02 18:19:27 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/02 18:18:51 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/02 18:18:49 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/02 18:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011/02/02 18:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/29 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Local\Powercinema
[2011/01/25 23:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinClamAVShield
[2011/01/25 20:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/01/25 19:16:08 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/01/23 11:16:25 | 000,000,000 | ---D | C] -- C:\Users\Hania\AppData\Roaming\Awalag
[2011/01/21 07:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Fun4IM
[2011/01/21 07:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Fun4IM
[5 C:\Users\Hania\Desktop\*.tmp files -> C:\Users\Hania\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/02 21:28:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/02 21:28:02 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/02/02 21:20:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/02/02 20:29:09 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Hania\Desktop\OTL.exe
[2011/02/02 19:32:59 | 000,027,335 | ---- | M] () -- C:\Users\Hania\AppData\Roaming\nvModes.001
[2011/02/02 19:32:28 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/02 19:17:22 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/02/02 19:15:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/02 19:13:32 | 000,002,924 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/02/02 18:38:30 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/02 18:38:29 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/02 18:19:29 | 000,001,842 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/02 18:19:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/01 22:06:33 | 228,994,687 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/25 21:37:06 | 000,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/01/24 07:21:48 | 000,626,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/24 07:21:48 | 000,109,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/13 08:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 08:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/01/13 08:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/01/13 08:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/01/13 08:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/01/13 08:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/01/13 08:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/01/06 20:48:50 | 000,000,162 | -H-- | M] () -- C:\Users\Hania\Desktop\~$stings Direct.doc
[5 C:\Users\Hania\Desktop\*.tmp files -> C:\Users\Hania\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/02 19:16:24 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/02/02 19:13:32 | 000,002,924 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/02/02 19:07:21 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/02/02 18:19:29 | 000,001,842 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/02/01 22:06:03 | 228,994,687 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/25 21:37:06 | 000,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/01/06 20:48:50 | 000,000,162 | -H-- | C] () -- C:\Users\Hania\Desktop\~$stings Direct.doc
[2009/01/25 19:26:46 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/07/16 18:12:50 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/04/05 21:08:57 | 000,024,206 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\UserTile.png
[2008/03/03 12:30:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/03/03 12:30:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/03/03 12:27:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/03/03 12:25:28 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/03/02 13:42:47 | 000,141,312 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2008/02/19 16:03:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/02/12 15:28:51 | 000,004,096 | -H-- | C] () -- C:\Users\Hania\AppData\Local\keyfile3.drm
[2008/02/02 10:01:28 | 000,007,592 | ---- | C] () -- C:\Users\Hania\AppData\Local\d3d9caps.dat
[2008/02/02 09:54:01 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/01/29 18:53:04 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini
[2008/01/25 17:34:25 | 000,000,021 | ---- | C] () -- C:\Windows\Fast800.ini
[2008/01/25 17:33:45 | 000,001,061 | ---- | C] () -- C:\Windows\adiras.ini
[2008/01/25 17:33:45 | 000,000,154 | ---- | C] () -- C:\Windows\adidsl.ini
[2008/01/25 17:33:43 | 000,143,360 | ---- | C] () -- C:\Windows\System32\coclassfast.dll
[2008/01/25 17:33:39 | 000,046,892 | ---- | C] () -- C:\Windows\System32\adadix16.dll
[2008/01/24 20:58:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/24 20:27:22 | 000,032,256 | ---- | C] () -- C:\Users\Hania\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/24 20:21:01 | 000,000,092 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\wklnhst.dat
[2008/01/24 20:18:06 | 000,027,335 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\nvModes.001
[2008/01/24 20:17:23 | 000,027,335 | ---- | C] () -- C:\Users\Hania\AppData\Roaming\nvModes.dat
[2007/12/13 01:42:01 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/12 18:01:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/09 21:07:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/01/25 19:40:25 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Astei
[2011/01/23 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Awalag
[2011/01/25 18:24:54 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Exri
[2008/04/05 19:04:02 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\FlashGet
[2011/01/25 19:17:33 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Iwam
[2011/01/23 12:17:11 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\NetMeter
[2008/04/11 09:14:23 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\PC Suite
[2008/03/03 12:55:26 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\ScanSoft
[2011/01/30 14:26:03 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Spyware Terminator
[2008/01/24 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\Template
[2008/06/17 14:48:37 | 000,000,000 | ---D | M] -- C:\Users\Hania\AppData\Roaming\TomTom
[2011/02/02 19:15:11 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\TomTom:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\Research:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\My PaperPort Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\djvureader[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Documents\Audible:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hania\Desktop\trójka.asx:Roxio EMC Stream

< End of report >

OTL Extras logfile created on: 02/02/2011 21:29:27 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Hania\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.17 Gb Total Space | 32.71 Gb Free Space | 32.98% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 97.80 Gb Free Space | 87.49% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 4.65 Gb Free Space | 46.45% Space Free | Partition Type: NTFS

Computer Name: HANIA-PC | User Name: Hania | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CB978B38-0288-40F2-ADFD-1EC7980F7488}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033B226C-2010-484B-B6E7-371BFE3E4DDC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05322CAA-2F5E-4004-8C56-3C522DA142A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0560688A-8E2E-432C-8136-1B517FF61AA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05A5E345-95DC-4092-9144-E159CA5864F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{061CEB87-6A7C-4949-9BB5-043B8EC250A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{066B891D-7F39-4A82-BD69-1A0F6738188E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07712E8A-2DDC-4E9F-83D8-A96321AFB330}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{079FCC3F-2EDC-42C8-898A-1BB5FD168F38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0837DA06-F66A-4D7F-9920-279F3B8C03BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0839FFF4-9B71-4ADA-B5DF-C8ED9C25CA0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{085CCF62-0A58-4D20-BF70-B7A524875BF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{088E9CE6-7500-42FA-B4FD-DDD69D851B56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09983085-E302-4F78-8615-1E81919DDD68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A022833-8962-49C5-850F-CC9DB8C7D4EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A4FF12F-CA30-4956-AD19-62C5956B5271}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CC65B41-B24B-451F-9A17-B6417A91A697}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D575BF3-CFF8-49F6-BAC3-2E096A57A23E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D6F35DA-D3C8-40F1-9FAF-6999723501BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D859054-BFF8-4FE0-8A06-D7F0038BE7A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DD08242-7D2A-4B49-979B-BCBE868A708D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E4FB45A-7815-4D88-BC50-CB3D9E56D947}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E9F6AD7-EA29-4F14-A7D3-D13AB370E028}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0ECE233C-E036-4077-8EB0-CD5AF5FBEE4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{101A400C-50A3-406A-9E23-7413E067B312}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10E5FA25-FB5B-47F1-8DC7-0C731395B40F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{116E6D2F-428C-40F9-B29A-3B9D2122ECAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1191DC49-4938-4CD8-8BA8-4CBCF503DF2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{11EA72D4-C580-4DE2-940B-E4260241E83F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1264F827-7B19-4344-94A5-2E13F4BBE069}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{154B4128-DD4C-4784-AC11-AF9974ABEAC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{163DB28D-C099-498D-B0F2-8701214B2F30}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16A71FEF-D197-4B96-B586-826A4FD8B8C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16C6A5C0-F60C-4BAC-92F6-480A314C5FED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1BEB454A-D0E3-4432-939E-80D2853CD0B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DD6BC1D-A17E-4CDB-B9D8-409BBB62523B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E63B786-A71E-477A-820F-593DD70870C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1ED9477C-8E53-4C96-8D50-4BD98DB943B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{207FA267-57E5-4826-A240-ED41BC70406F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2225EDC8-0377-4DA7-9CCA-F5EE69AF9667}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{226BC0F1-E65F-4E0C-A231-D76D0487F645}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2353BFF6-6A85-4F86-87D0-4037BCB77452}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{243E6C85-7E16-4A8B-9340-1403D694F6F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{269BEB26-CE48-487A-9A72-102F139CB28F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{26BBCB0F-D190-47F3-A4CB-06C1F870F31F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28214C59-4B47-4AD9-8D86-DFCB11FF5378}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29AD8985-38D5-4EA5-9B70-97D3606FAEC8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2BAED42C-2D7D-4BC3-A131-2664B506D370}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C20048F-5146-4CA5-AF42-B70BC9AFF121}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C698606-C13B-4077-9664-A797C7472025}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F37006B-C7E0-4B88-9FEB-84442D5FA1E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F5C0296-9FBA-423F-86F5-8A476F2F31AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3181B119-8353-4168-917A-3D7692BD6EF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{330513F3-F7AD-4700-8DFA-DDA498B552FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33B354DA-C842-4B41-B582-771C8C43612F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{363BBFFE-6CEB-48F2-A098-8AA854BF2276}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3653ED57-FA60-48E9-9826-1C76177794C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36BAE843-F375-4CAB-9F7E-325FEAC39164}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{374C2A51-9E86-4AF1-AD6D-3CD600B7B644}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3999C808-B146-4980-BED2-28DC862BA276}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39A9331F-05E9-47A3-AAD5-C126568F54B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39E2323E-B750-4A86-8608-2A8EAD61952C}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{39EE26D9-5D98-48EA-A491-C6B8A5403FF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A060A6E-317B-410C-A1BE-84F35A9A34C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A62E2AA-08CD-46F8-8636-D46B172E4002}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B8B5FA1-25FB-4F1F-BE7C-8795F11B4BA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C228303-C495-45BD-AC40-A12B42A190D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D24C782-782C-4770-98F5-3A749C0CFAF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E4DBEC8-6DAC-4D27-B935-D60E1994BD72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EDB8304-9D23-4496-AFEE-78861FA024F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40FD0927-CC69-4A88-BC9E-A97B40762663}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{41EB3FDE-DC7D-42A1-93D4-75BA08EE4198}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4423CE29-616D-437B-B75D-E1B70141B647}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44618D52-DB27-4042-BD78-26F8D90206CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{448C8096-A291-4AE9-9536-CE00034C39F4}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4539B48F-D915-4771-9FFA-22CE8FC1211D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46102CAD-BF22-4CB9-B390-0D8FBC521264}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4630F1B9-33F4-4E86-9ECA-A866AB1C49A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46F17930-1B60-4D47-B31D-7EB87960C924}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{47B091CE-01A8-4E1F-A5E2-484B2A16777B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{48484290-0BD7-404F-8971-233206017959}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4912CA3C-6CB9-43AC-B99E-C55AEF93071E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{491D2539-C5DF-4463-B354-4F6DE87A68C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4924E3C0-5709-4741-84C9-BA027EDF8AA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A136128-0F02-488F-847B-54D1E16BDBD1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AA2C8A4-A537-423B-95AB-AE29F9D6640D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AD6688F-F236-42F1-9D2C-3365C7A29611}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AEAFB42-4657-4371-BF1C-3D454C384E1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C850798-60BF-4CB1-A04C-6404A1E6276C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F866DCB-C1F9-4779-B209-6DBD39E42100}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F9DCEE0-5266-4789-B4E1-48BEAF7633D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{502EF522-68C5-403F-9A4E-D98A405569D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50BCAB65-B5A5-4D74-9B85-42A49CDFEEFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{510F88B2-018F-4CBD-9ECC-0BA16CB22416}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{517FF834-6181-4276-A8E4-115D2686CCAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51C76A8F-7EC4-4C68-8D8E-34E666CB85B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54D940B1-A3C9-4A42-8668-C67776F6B1EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55359C14-6FF6-4CF4-84C2-0A45CBD090A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5689E084-3738-4B86-8EB6-8BC275929AE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57FEAE8D-BF82-4E07-9819-98AF7A5C9813}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58B242B5-14DD-47B2-91E5-54324ED0E3C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58C390FE-9558-4E9C-95A0-AFA5EB2240EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A5540C7-5888-4039-9F69-B21AFC5453B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5B127855-9F72-468A-8B10-38C9A6C2B9E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C34D45C-E3AC-443B-82F6-50DBDB17D69E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5CA8B97E-F89C-4A6B-9D5B-3BD8B6037903}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D01F49D-57B4-4400-85E5-1F23D8D374C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D14C317-91BB-4D6B-BE62-1CA2431DA30F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F16D75E-2F7E-467A-B066-D985C6937BEC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F624D35-6668-43B5-B529-8E4761DC9EBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6001B77A-E191-496D-9F9B-9A0423B74145}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6056B57C-65CE-4A4C-87A4-CE7D92652F38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61ED9590-2B85-498F-B8E2-16111DCB9E77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6296E9AF-AF44-4780-920A-629E08789B88}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62AF84CF-0166-46DC-A81E-1BAA204D6EFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62F08D48-F2F8-4BFD-BBAE-360CD47F99C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{633572B2-9E36-4623-AF2A-E9FBE600F98E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{637ACF45-A4C1-4084-AE48-A5D9FC996A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63D97BF9-53A8-4E91-816F-EDAC1F75D823}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6632FFCC-ED6B-4A56-99C5-C140381EB2CB}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{67733615-D81D-4E47-B0A4-9601EEE94E14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68139BB2-3C5F-441C-95E1-ED0BE73D0ABC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68960711-3606-4CF9-BC06-CB4F87638B08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AA5A511-8BD7-425F-8F5F-1BC8313C7F15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6AAD10B2-6779-4D31-8BDC-9EC3A834769E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C08D7A8-C15F-4604-9959-9924A61A421C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6C32F51A-E207-4E58-887F-804F0E9AE27D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E48A790-7D77-4A6B-9CFD-22EB91C89777}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E65A45C-D4B1-4FBF-B3E1-9EF672618C6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6ECCD69F-9A95-4BE2-9FE4-7029C400A310}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F4C17D6-6036-4E37-92E9-6AD427F3442A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FD058B5-3D9A-4C4A-9188-BE42B7D8D4DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7087B1F5-F45C-4A47-B5A3-30ED6C398C43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7137DB7A-2B7E-40F8-AD0D-F4020C47BE45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72F26D0B-89DA-4C4D-A996-33379988F15A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73145253-367F-4777-8533-85885E7977AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{733AEF56-69B1-42AD-AFDF-B01562FD32A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76C4966F-CE7D-476A-A65D-77B91B23060E}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{76F2E84C-54FF-42F9-B935-E4C90678EB18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{772C8708-8BAE-4D8B-B395-07FE3720B40C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77C9EE37-45E9-487F-98AC-AD722666058A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{786DC93B-23BE-4500-8307-B580D8EA27C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A2F900B-98A4-40D6-A6BD-ABE78DCC733F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A4D2219-43CA-4DAE-A164-A426E28E2CC4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D4D6441-EFE8-46C7-BC8B-9C28DB695ABB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DE27D87-D8BD-479D-B621-EFE75A1C749A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7DE356D1-5623-4C91-A8CE-922B229FC5A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8064F81F-F9CD-4260-8831-C29EC066EB1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80830B38-616C-46B3-AD8B-46F5987AEA38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81ECE11A-8C31-4BFA-A9E3-162BB849337A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{839146B2-C45B-4A71-B6B7-9C7194593887}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83B4CE79-BCCA-4F12-ACF8-A857A296C8D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{845674DF-7437-40B5-8C68-A2BF0E026AA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84AEB688-87ED-4391-87AB-F46A1884F245}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85BF3BAD-9A5E-4820-8400-4D647662A712}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{866FFB08-4970-41B5-8086-C7A39F21700A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{895C4839-43BB-4906-9D5F-435BB40A888A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B547902-C739-43BD-B7AA-9370C71E78A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BC7CED6-154A-4F96-9DC7-CE09A9241594}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DA2762D-62CF-4160-8FB7-072154D8F83B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DDACA30-BF0C-4237-B238-549A3BDC5086}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E1CF7AA-623C-4452-9360-3B375A307826}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8EF69B55-30D7-42B7-A8EB-3E9886449EBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F4A86F3-743F-4EFA-BBEA-45538E914501}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9084B980-BBAA-4D91-819C-84AD5EE18432}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90A6405B-F18F-43AC-B1EA-EE26FB4A2679}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{90FE5F6A-61E7-463D-BDF6-D2656F418EA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91F59189-EEE1-4BB4-903F-1ECD19F75778}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9289F0F7-0AC4-4672-A954-79A61CA7EDAB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{92E2831A-500D-4BDD-995F-749B3450FED8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93D38334-3E21-4060-8304-BB258A0E595E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{940BB734-4D8D-488E-B8AA-115B06B69866}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94A27E3C-3D71-47B9-A4C1-B68E334E4D03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{965CE278-6B43-400B-B575-5F284A96AC04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97AC0E11-687E-45D6-853C-701211FA15DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{991396A4-E989-4179-9A7F-0B3070137D91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{996AD9FB-A4E3-4AE5-96F7-6F9316DF817F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A4C6B57-43D2-4C53-9367-0D68E29E3C1C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{9D0F7A75-99EF-404A-9FE8-A25465B68EF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D3C931B-37C2-46A5-B3E3-24ADD2DBD809}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F40FDD6-3DE7-4AE8-8674-FFF1D2D00CC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F53D3C8-066D-413B-994F-1D46F63B0834}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0A34C1B-12B6-43F4-9000-1E4FFD7AAF10}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0A9D8DA-EC1B-4536-8C7B-78BA9F07A7BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1181144-EC63-4171-8BB9-A4E4B381290B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A1A48E9B-81B6-484C-AFFF-8AA68395747E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1C35AC3-6AF6-4662-A817-14103CDCDAA2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2B91576-954C-4002-AAC1-772C2A7AFBA1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A42E9628-231C-45AC-8CF8-AC3855B61034}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A66D4DD2-372B-4CF7-8E13-65622FC92C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A6D0EAA6-D296-498E-AA07-61437B344F8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7450313-EC8D-498F-B5F7-1C32D1D949D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A839FDB1-EAC0-4EEB-B0A6-06E3A0D37B8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A858D31B-42FC-44F6-85C3-F8224E5B9DBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8F3D182-9E01-4AF4-BBD2-FDFBC16E6311}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A93ADA5A-ED91-44EC-9F2A-DA9104EDC1AF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{AA0D8454-7784-4A71-A0BB-020A5FE0E225}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA3CAAC3-CDD4-4290-99FB-09CD50B49093}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA610FAD-82A4-49DC-A6A2-8ECC409916FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB0C12BA-84C6-4A42-92B6-693868B10058}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB3F92B0-0940-4041-958C-820AE2D77F5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC9CAB2D-6F75-46E4-A15A-69491B80C40D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AEF28A55-E38B-40AA-A84B-1BC6C8969D18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1D0BB8C-18C2-4E65-9C54-8F3E944724EC}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{B2C3939E-6445-4D18-9755-01DDA8C03890}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B379963A-241F-4660-8AB4-3B35369DD20E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B37CB26A-A0A8-428C-A80C-105EE7DFADD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B42676D6-89B5-4495-B8D0-8339D6AE8C5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B49FF01D-5732-4D0B-BF9F-AD59D64F08F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6306C33-BE9C-43C6-B13B-311EC2C47D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6A59DA2-3463-49E8-9402-7C0938217989}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6EB7594-7C97-4433-B5FC-3F75FA0F46DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6FDB891-730D-4B08-B2D6-3DDD60BD3C2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7A2568E-7A69-4DBF-980F-772CF7A68034}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7C13216-A562-4058-AA43-97D4DD6208CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9C0CB1C-059E-4192-83DA-98D6FD7B2912}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9FFEAB0-B049-4E00-B659-8CC9EC596449}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC06EEAB-9E1F-4240-AB38-1EC698E75D66}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BCB18002-CF64-4776-A121-6040C1E6B4E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD3E0EB5-AE13-47AE-883D-178E1D9CC7D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF7867E9-F9A2-4F36-997A-3A781C0B5779}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3DDE195-71C6-4318-BA15-89121063D198}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C48400EC-227A-4BC5-943C-4CEC606123D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C4ECC2E7-2B66-44C8-AAA6-F29937A5E414}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C59355F4-DAA9-428F-89BF-6C32377439A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9CA2D9B-3FE1-4B48-B608-386E6C00162E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C9D061DF-30AF-49C4-85B7-C9F1FCFDB97A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC3A32AE-C5A7-49D7-B21F-C873CE93BEDB}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{CD24C9DB-310B-4059-A4C6-CDE17EC9C8E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD46FBC4-E84D-4FAE-BB55-FE88A6185F13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD47A3F7-40CF-47A1-BF93-ACA4A60658A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE6FD650-7CC0-402D-88E7-AF7D2DF7AD92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF8447EC-D2E7-4BD7-9CA4-069A82CF94B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D04D4578-C257-4835-89A0-9D657FFE8025}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2CF43A4-FE30-460C-8AA6-F6C4ACFE091E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4B1713E-81CD-445A-950F-9188837A8499}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5C57C19-499D-41D5-885B-DFB9C517FAD3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D62D30E4-BA03-4739-80F8-CEB88C8B1CF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6CFC9BE-2A88-40FF-8E01-1957B8B2881E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6D299DC-BA3B-4186-AC9F-CAB3CB67F300}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D908529C-AF5A-441A-9329-5351A15980E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB89A73F-FEFD-44BC-B65A-9531CF54B90A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBD4F44F-2B1D-4D88-A2EC-975C60C18F14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC9ADB40-AC46-49E4-935A-527952B5CDAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD5D6276-E775-4C2A-9437-22F145670473}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDE504E6-48BD-49E1-B15C-A4A4ED8812D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE416B81-868F-4EBD-8ACD-9185E2B138A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DEE7EC5D-8406-4A6B-A7A9-D031D0EC344C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2C43DFB-00AD-4283-B5AC-356A2DD2C6BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E417C2C8-CA25-40A9-825F-066CD86DFC00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E4C0BDC4-1B75-4D32-85D9-94B35E74A9D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7940DAC-035D-4CC1-ABA3-C99338313935}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7B61408-B0F0-4AE3-B20B-D5199EC52391}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB49EFBA-816A-4563-8F6C-4C7B935FF07C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC206BD9-76EB-41F8-9870-D898C5CEE7C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE362E83-DEB3-4682-A8E1-102D4452FFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE7A6CD3-20EE-4568-BAE4-AC9650D6632F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EEB5F2C6-3D15-4FE1-B310-19B8CCF83683}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF5E18E8-0748-475D-9B2F-F30F634B6A3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFD1EC45-8471-470D-B08D-1A82A44C6EE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1E9CBF8-D42B-4E8C-A6C0-62BD7EEF0156}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2464649-D48A-4FCB-9F66-3945B64AFED1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F359FAE8-4767-4F2A-894D-202A30B85DC8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3875CB9-37B8-4AB7-BCD1-93B766FC1B22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F49C72C9-44FE-46B2-81C2-A2199033E0AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4CEACE8-C05A-4C54-8276-2420BD02A1FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F55A0FDD-724F-4EAB-9372-FB2798421E99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5741916-60C3-42CF-90E8-EF269E315D52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6DE8458-AF46-4EB0-9071-FB06D85D1857}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F74B39F9-9A08-4BDC-974A-6B397FC4D6AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7611A92-6F9E-4ABF-A6DA-1288C51585EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F84E48D4-1C4A-4113-AD61-075AFE6CFD85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8B7717A-D135-4532-9BD8-E9BAE40A466F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F96582DE-551F-42A2-89A2-C57627E51368}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FAA473A4-3D21-4687-82D8-960C3EC7EBBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCA195A1-39D2-4DED-9F22-D36A44516E08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FEB53820-155B-4D7C-B80C-1C9E86EF6716}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF2F2E8E-1FB4-41B6-B882-97D47951018B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FFCDDD98-8995-43CF-BC38-C2F2F08FA5CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{03D7ECF1-F5CC-483B-B503-2E825A3F29F9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{377A4647-1F78-4011-B9FA-AFDE86030504}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{3CCB69ED-C346-4DF5-8D8C-AF156AC8AB18}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{53700A54-F78F-46BD-A5EA-F76B0270925E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{7AC90F5E-5A00-4ED3-A801-5E4D9DF35656}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BB504FA2-25E1-4CEC-8752-26078100E12B}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{E9654091-EFB5-4A91-B858-A9E8318D8A53}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F0C76A83-49CB-427F-ACE4-696084468209}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F9C880D9-8454-48E0-90A8-A9F057D7CD80}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{09AE78A8-AD94-4DDF-91E2-202EE38B48C8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{25ED9BF4-4618-4DAC-BDBD-2AFDBC5D3E4E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{545B1D71-AD69-4222-905B-A11D0C44C5BB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{609E843F-6764-4694-8744-22DCCA371334}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{712F5E1D-F12A-4E31-BB91-0882655A59A7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{8C40806C-343F-4139-A18D-7DE025E4ABF0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A3DCD4BE-2063-4F7F-B8B3-FCEC8B4A4B23}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{A406B281-63A6-4D19-9FB2-ED88AEA4100F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BFEAC127-492C-459B-80B9-C2E6B6E8EC14}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{35915E20-0B68-4315-9C76-E36FD82695B6}" = XstreamRadio 3.02
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = TalkTalk Broadband
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5A401050-C8AB-4FCC-8F47-19E94156B7F3}" = Birth Chart Interpreter 2
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Byki Express" = Byki Express
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"GoToAssist" = GoToAssist 8.0.0.514
"In The Night Garden" = In The Night Garden Screen Saver
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Standard)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NetMeter_is1" = NetMeter 1.1.3
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Spyware Terminator_is1" = Spyware Terminator
"SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch
"SubEdit-Player_is1" = SubEdit-Player
"TomTom HOME" = TomTom HOME 2.5.2.60
"Wielki s³ownik polsko-angielski i angielsko-polski PWN-OXFORD" = Wielki s³ownik polsko-angielski i angielsko-polski PWN-OXFORD
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#8
haniarob

Posted 02 February 2011 - 03:46 PM

Member

Topic Starter
Member
10 posts

The MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5662

Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.17037

02/02/2011 21:43:07
mbam-log-2011-02-02 (21-43-07).txt

Scan type: Quick scan
Objects scanned: 146263
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9
Essexboy

Posted 02 February 2011 - 03:54 PM

GeekU Moderator

Retired Staff
69,964 posts

Still no joy for normal mode ?

When you try to log on what error do you get ?

#10
haniarob

Posted 02 February 2011 - 03:58 PM

Member

Topic Starter
Member
10 posts

No, once my desktop loads up it just crashes almost immediately and goes to a blue screen with something like 'problem detected Windows has shut down'... and it then tries to re-boot again...

#11
Essexboy

Posted 02 February 2011 - 04:01 PM

GeekU Moderator

Retired Staff
69,964 posts

On the safe mode menu do you have a repair my PC option ?

Details here

#12
haniarob

Posted 02 February 2011 - 04:21 PM

Member

Topic Starter
Member
10 posts

Yes I do - I just tried Startup Repair which didn't find any problems but still could not start up in normal mode...

#13
Essexboy

Posted 02 February 2011 - 04:24 PM

GeekU Moderator

Retired Staff
69,964 posts

It sounds as though Hitmanpro deleted a file but not the associated control set entry

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#14
haniarob

Posted 02 February 2011 - 04:59 PM

Member

Topic Starter
Member
10 posts

Thanks for your further help - this is the result:

ComboFix 11-01-31.02 - Hania 02/02/2011 22:48:38.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2045.1538 [GMT 0:00]
Running from: c:\users\Hania\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Hania\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-02 to 2011-02-02 )))))))))))))))))))))))))))))))
.

2011-02-02 22:44 . 2011-02-02 22:44 -------- d-----w- C:\32788R22FWJFW
2011-02-02 21:36 . 2011-02-02 21:36 -------- d-----w- c:\users\Hania\AppData\Roaming\Malwarebytes
2011-02-02 21:36 . 2011-02-02 21:36 -------- d-----w- c:\programdata\Malwarebytes
2011-02-02 21:36 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-02 21:36 . 2011-02-02 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-02 21:36 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-02 21:20 . 2011-02-02 21:20 -------- d-----w- C:\_OTL
2011-02-02 19:07 . 2011-02-02 19:32 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-02 19:06 . 2011-02-02 19:13 -------- d-----w- c:\programdata\Hitman Pro
2011-02-02 18:19 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 18:19 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-02 18:19 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-02 18:19 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-02 18:19 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-02 18:18 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-02 18:18 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-02 18:18 . 2011-02-02 18:18 -------- d-----w- c:\programdata\Alwil Software
2011-02-02 18:18 . 2011-02-02 18:18 -------- d-----w- c:\program files\Alwil Software
2011-01-29 18:39 . 2011-01-29 19:13 -------- d-----w- c:\users\Hania\AppData\Local\Powercinema
2011-01-25 23:09 . 2011-02-02 22:38 -------- d-----w- c:\program files\WinClamAVShield
2011-01-25 20:46 . 2011-01-25 23:16 -------- d-----w- c:\programdata\STOPzilla!
2011-01-25 19:16 . 2011-01-25 19:16 -------- d--h--w- c:\windows\PIF
2011-01-23 12:19 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9254955-8B46-4710-ADF0-9945D143D8D2}\mpengine.dll
2011-01-23 11:16 . 2011-01-23 11:37 -------- d-----w- c:\users\Hania\AppData\Roaming\Awalag
2011-01-21 07:11 . 2011-01-21 07:11 -------- d-----w- c:\programdata\Fun4IM
2011-01-21 07:11 . 2011-01-21 07:11 -------- d-----w- c:\program files\Fun4IM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 16:36 . 2010-12-10 16:36 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-25 1232896]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-12-12 77824]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2004-01-19 278528]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Wrapper"="runonce" [X]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-6-13 1754456]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-12 50688]
QuickSet.lnk - [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R1 aswSP;aswSP; [x]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
R2 AMService;AMService;c:\windows\TEMP\lckm\setup.exe run [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);c:\users\Hania\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTA7GPLI\HitmanPro35[1].exe [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
*NewlyCreated* - PXHELP20

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7A0815F1-6B65-4e3a-B198-709807B4042A} - {1EC035CE-090E-4AF7-B6DF-AD11C2F0F9C9} - c:\program files\XstreamRadio 3.02\RadioHelper.dll
DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} - hxxp://static.photobox.co.uk/sg/common/ImageUploader4.cab
FF - ProfilePath - c:\users\Hania\AppData\Roaming\Mozilla\Firefox\Profiles\wespzs6t.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
HKLM-Run-autoclk - autoclk.exe
HKLM-Run-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Spyware Terminator_is1 - c:\program files\Spyware Terminator\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 22:55
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]
"ImagePath"="\"c:\users\Hania\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTA7GPLI\HitmanPro35
[1].exe\" /crusader:boot"
"ImagePath"="\"c:\users\Hania\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTA7GPLI\HitmanPro35
[1].exe\" /crusader:boot"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]
"ImagePath"="\"c:\users\Hania\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTA7GPLI\HitmanPro35

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-02 22:56:51
ComboFix-quarantined-files.txt 2011-02-02 22:56

Pre-Run: 35,177,451,520 bytes free
Post-Run: 35,100,954,624 bytes free

- - End Of File - - A9240CE593C461A1699C93FC9C4D8AEF

#15
haniarob

Posted 03 February 2011 - 02:23 AM

Member

Topic Starter
Member
10 posts

Thanks for your help so far...

Is it Hitman that has caused this problem or have I used it incorrectly?

What are my options now - is there a way to back up files and re-install Windows for example - would that solve the problem?