Thanks in advance!
Can't run any anti-malware programs properly
Started by
MacBoznyII
, Sep 05 2011 03:59 PM
#1
Posted 05 September 2011 - 03:59 PM
MacBoznyII
-
- Member
-
- 20 posts
Member
Thanks in advance!
#2
Posted 05 September 2011 - 04:52 PM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
Another thing I forgot to mention, I can't seem to run safe mode with networking. In fact, I have to use "msconfig" to run safe mode at all. When I boot the computer and tap F8, there is no safe mode option. Anyway, I don't have built in wifi so I have a suspicion that it has to do with the fact that I use a Netgear receiver that uses another program to manage network settings but since it's safe mode it won't be allowed to run. Also, Google Chrome won't work at all and I've read on multiple forums that it could be due to malware so I have a strong suspicion that that is the reason.
Thanks again!
Thanks again!
#3
Posted 11 September 2011 - 04:13 AM
michaelg9
-
- Malware Removal
-
- 2,949 posts
Trusted Helper
Hi
. I'm Michael and I'm going to help you fix your computer 
Note: Before we start the process you should:
What options are there when you tap F8 key while booting?
If you can't run these tools from normal mode, try safe mode
Download RogueKiller to your desktop
Next:
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here
Next:
OTL Custom Scan
. I'm Michael and I'm going to help you fix your computer Note: Before we start the process you should:
- POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
- Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
- Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
- Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.
What options are there when you tap F8 key while booting?
If you can't run these tools from normal mode, try safe mode
Download RogueKiller to your desktop
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 2 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Next:
Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here
Next:
OTL Custom Scan- Download OTL to your Desktop
- Double click on the
icon to run it. - Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top, make sure Stadard output is selected.
- Select Scan all users
- Check the boxes beside LOP Check and Purity Check.
- Under the Custom Scans/Fixes box copy and paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
- Click the
button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open OTL.Txt in Notepad window.
- Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.
#4
Posted 11 September 2011 - 11:45 PM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
RogueKiller V5.3.4 [08/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Malcolm Hayles [Admin rights]
Mode: Remove -- Date : 09/12/2011 00:43:37
Bad processes: 0
Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
Particular Files / Folders:
HOSTS File:
127.0.0.1 localhost
Finished : << RKreport[1].txt >>
RKreport[1].txt
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Malcolm Hayles [Admin rights]
Mode: Remove -- Date : 09/12/2011 00:43:37
Bad processes: 0
Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
Particular Files / Folders:
HOSTS File:
127.0.0.1 localhost
Finished : << RKreport[1].txt >>
RKreport[1].txt
#5
Posted 12 September 2011 - 06:31 PM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
[no content]
Edited by MacBoznyII, 12 September 2011 - 06:41 PM.
#6
Posted 12 September 2011 - 06:38 PM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-12 14:44:40
-----------------------------
14:44:40.796 OS Version: Windows 5.1.2600 Service Pack 2
14:44:40.796 Number of processors: 2 586 0x409
14:44:40.796 ComputerName: MALCOLM UserName:
14:44:41.156 Initialize success
14:44:49.046 AVAST engine defs: 11091101
14:45:02.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:45:02.062 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
14:45:04.093 Disk 0 MBR read successfully
14:45:04.093 Disk 0 MBR scan
14:45:04.156 Disk 0 unknown MBR code
14:45:04.156 Disk 0 scanning sectors +156232125
14:45:04.453 Disk 0 scanning C:\WINDOWS\system32\drivers
14:45:52.109 Service scanning
14:45:53.171 Modules scanning
14:47:03.890 Disk 0 trace - called modules:
14:47:03.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
14:47:03.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86566ab8]
14:47:03.953 3 CLASSPNP.SYS[f75ff05b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86546b00]
14:47:04.421 AVAST engine scan C:\
14:47:44.390 File: C:\Documents and Settings\All Users\Application Data\36F9.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
14:50:44.078 File: C:\Documents and Settings\All Users\Application Data\qwerty.exe **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.203 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1316.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.328 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1317.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.578 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1318.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:17:02.593 File: C:\Program Files\AVG\AVG10\avgchsvx.exe **INFECTED** Win32:Patched-WQ [Trj]
15:17:10.281 File: C:\Program Files\AVG\AVG10\avgrsx.exe **INFECTED** Win32:Patched-WQ [Trj]
15:32:07.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\MBR.dat"
15:32:07.171 The log file has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\aswMBR.txt"
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-12 14:44:40
-----------------------------
14:44:40.796 OS Version: Windows 5.1.2600 Service Pack 2
14:44:40.796 Number of processors: 2 586 0x409
14:44:40.796 ComputerName: MALCOLM UserName:
14:44:41.156 Initialize success
14:44:49.046 AVAST engine defs: 11091101
14:45:02.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:45:02.062 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
14:45:04.093 Disk 0 MBR read successfully
14:45:04.093 Disk 0 MBR scan
14:45:04.156 Disk 0 unknown MBR code
14:45:04.156 Disk 0 scanning sectors +156232125
14:45:04.453 Disk 0 scanning C:\WINDOWS\system32\drivers
14:45:52.109 Service scanning
14:45:53.171 Modules scanning
14:47:03.890 Disk 0 trace - called modules:
14:47:03.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
14:47:03.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86566ab8]
14:47:03.953 3 CLASSPNP.SYS[f75ff05b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86546b00]
14:47:04.421 AVAST engine scan C:\
14:47:44.390 File: C:\Documents and Settings\All Users\Application Data\36F9.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
14:50:44.078 File: C:\Documents and Settings\All Users\Application Data\qwerty.exe **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.203 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1316.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.328 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1317.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.578 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1318.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:17:02.593 File: C:\Program Files\AVG\AVG10\avgchsvx.exe **INFECTED** Win32:Patched-WQ [Trj]
15:17:10.281 File: C:\Program Files\AVG\AVG10\avgrsx.exe **INFECTED** Win32:Patched-WQ [Trj]
15:32:07.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\MBR.dat"
15:32:07.171 The log file has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\aswMBR.txt"
16:10:07.031 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0011626.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:07.234 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0011627.ini **INFECTED** Win32:Malware-gen
16:10:15.968 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011656.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:16.156 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011657.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:16.343 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011658.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:16.593 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011659.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:17.000 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011660.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:17.640 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011661.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:18.281 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011662.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:18.593 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011663.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:18.765 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011664.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:18.921 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011665.ini **INFECTED** Win32:Malware-gen
16:10:20.859 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0011685.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:21.015 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0011686.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:21.109 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0011687.ini **INFECTED** Win32:Malware-gen
16:10:22.125 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0011697.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:22.234 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0011698.ini **INFECTED** Win32:Malware-gen
16:10:23.234 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0012697.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:23.328 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0012698.ini **INFECTED** Win32:Malware-gen
16:10:24.000 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0013697.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:24.078 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0013698.ini **INFECTED** Win32:Malware-gen
16:11:29.796 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0014008.exe **INFECTED** Win32:Patched-WQ [Trj]
16:11:45.453 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0014036.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:11:45.546 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0014037.ini **INFECTED** Win32:Malware-gen
16:11:48.640 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0014051.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:11:48.796 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0014052.ini **INFECTED** Win32:Malware-gen
16:11:49.156 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0015051.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:11:49.250 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0015052.ini **INFECTED** Win32:Malware-gen
16:11:59.031 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0016051.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:11:59.125 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0016052.ini **INFECTED** Win32:Malware-gen
16:12:00.953 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0016063.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:12:01.031 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0016064.ini **INFECTED** Win32:Malware-gen
16:12:09.375 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016145.exe **INFECTED** Win32:Patched-WQ [Trj]
16:12:09.671 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016146.exe **INFECTED** Win32:Patched-WQ [Trj]
16:12:10.390 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016147.exe **INFECTED** Win32:Patched-WQ [Trj]
16:13:50.171 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016573.exe **INFECTED** Win32:Patched-WQ [Trj]
16:13:50.750 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016575.exe **INFECTED** Win32:Patched-WQ [Trj]
16:13:51.343 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016576.exe **INFECTED** Win32:Kryptik-EQX [Trj]
16:20:34.609 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0018231.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:20:34.703 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0018232.ini **INFECTED** Win32:Malware-gen
16:20:54.890 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018353.exe **INFECTED** Win32:Patched-WQ [Trj]
16:20:55.203 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018354.exe **INFECTED** Win32:Patched-WQ [Trj]
16:20:55.968 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018355.exe **INFECTED** Win32:Patched-WQ [Trj]
16:22:39.312 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018780.exe **INFECTED** Win32:Patched-WQ [Trj]
16:22:39.890 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018782.exe **INFECTED** Win32:Patched-WQ [Trj]
16:22:40.484 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018783.exe **INFECTED** Win32:Kryptik-EQX [Trj]
16:29:22.671 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020435.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:29:22.781 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020436.ini **INFECTED** Win32:Malware-gen
16:30:15.750 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020697.exe **INFECTED** Win32:Patched-WQ [Trj]
16:30:16.531 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020698.exe **INFECTED** Win32:Patched-WQ [Trj]
16:30:32.500 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020741.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:30:32.609 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020742.ini **INFECTED** Win32:Malware-gen
16:30:36.312 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020760.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:30:36.437 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020761.ini **INFECTED** Win32:Malware-gen
16:30:50.421 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020816.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:30:50.546 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020817.ini **INFECTED** Win32:Malware-gen
16:31:23.953 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP38\A0020897.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:31:24.062 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP38\A0020898.ini **INFECTED** Win32:Malware-gen
16:31:33.421 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP39\A0020925.exe **INFECTED** Win32:Patched-WQ [Trj]
16:32:20.984 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP39\A0021095.exe **INFECTED** Win32:Patched-WQ [Trj]
16:32:21.828 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP39\A0021096.exe **INFECTED** Win32:Patched-WQ [Trj]
16:33:41.546 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP43\A0021319.ini **INFECTED** Win32:Malware-gen
16:43:41.781 File: C:\WINDOWS\3425845141:1791020339.exe **INFECTED** Win32:Tiny-AMB [Rtk]
17:05:36.656 File: C:\WINDOWS\system32\msiexec.exe **INFECTED** Win32:Patched-WQ [Trj]
17:13:29.531 Scan finished successfully
19:30:34.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\MBR.dat"
19:30:34.125 The log file has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\aswMBR.txt"
Run date: 2011-09-12 14:44:40
-----------------------------
14:44:40.796 OS Version: Windows 5.1.2600 Service Pack 2
14:44:40.796 Number of processors: 2 586 0x409
14:44:40.796 ComputerName: MALCOLM UserName:
14:44:41.156 Initialize success
14:44:49.046 AVAST engine defs: 11091101
14:45:02.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:45:02.062 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
14:45:04.093 Disk 0 MBR read successfully
14:45:04.093 Disk 0 MBR scan
14:45:04.156 Disk 0 unknown MBR code
14:45:04.156 Disk 0 scanning sectors +156232125
14:45:04.453 Disk 0 scanning C:\WINDOWS\system32\drivers
14:45:52.109 Service scanning
14:45:53.171 Modules scanning
14:47:03.890 Disk 0 trace - called modules:
14:47:03.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
14:47:03.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86566ab8]
14:47:03.953 3 CLASSPNP.SYS[f75ff05b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86546b00]
14:47:04.421 AVAST engine scan C:\
14:47:44.390 File: C:\Documents and Settings\All Users\Application Data\36F9.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
14:50:44.078 File: C:\Documents and Settings\All Users\Application Data\qwerty.exe **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.203 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1316.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.328 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1317.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.578 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1318.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:17:02.593 File: C:\Program Files\AVG\AVG10\avgchsvx.exe **INFECTED** Win32:Patched-WQ [Trj]
15:17:10.281 File: C:\Program Files\AVG\AVG10\avgrsx.exe **INFECTED** Win32:Patched-WQ [Trj]
15:32:07.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\MBR.dat"
15:32:07.171 The log file has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\aswMBR.txt"
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-12 14:44:40
-----------------------------
14:44:40.796 OS Version: Windows 5.1.2600 Service Pack 2
14:44:40.796 Number of processors: 2 586 0x409
14:44:40.796 ComputerName: MALCOLM UserName:
14:44:41.156 Initialize success
14:44:49.046 AVAST engine defs: 11091101
14:45:02.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:45:02.062 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
14:45:04.093 Disk 0 MBR read successfully
14:45:04.093 Disk 0 MBR scan
14:45:04.156 Disk 0 unknown MBR code
14:45:04.156 Disk 0 scanning sectors +156232125
14:45:04.453 Disk 0 scanning C:\WINDOWS\system32\drivers
14:45:52.109 Service scanning
14:45:53.171 Modules scanning
14:47:03.890 Disk 0 trace - called modules:
14:47:03.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
14:47:03.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86566ab8]
14:47:03.953 3 CLASSPNP.SYS[f75ff05b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86546b00]
14:47:04.421 AVAST engine scan C:\
14:47:44.390 File: C:\Documents and Settings\All Users\Application Data\36F9.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
14:50:44.078 File: C:\Documents and Settings\All Users\Application Data\qwerty.exe **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.203 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1316.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.328 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1317.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:02:06.578 File: C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\1318.tmp **INFECTED** Win32:Kryptik-EQX [Trj]
15:17:02.593 File: C:\Program Files\AVG\AVG10\avgchsvx.exe **INFECTED** Win32:Patched-WQ [Trj]
15:17:10.281 File: C:\Program Files\AVG\AVG10\avgrsx.exe **INFECTED** Win32:Patched-WQ [Trj]
15:32:07.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\MBR.dat"
15:32:07.171 The log file has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\aswMBR.txt"
16:10:07.031 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0011626.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:07.234 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP27\A0011627.ini **INFECTED** Win32:Malware-gen
16:10:15.968 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011656.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:16.156 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011657.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:16.343 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011658.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:16.593 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011659.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:17.000 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011660.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:17.640 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011661.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:18.281 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011662.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:18.593 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011663.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:18.765 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011664.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:18.921 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0011665.ini **INFECTED** Win32:Malware-gen
16:10:20.859 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0011685.exe **INFECTED** Win32:Patched-WQ [Trj]
16:10:21.015 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0011686.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:21.109 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0011687.ini **INFECTED** Win32:Malware-gen
16:10:22.125 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0011697.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:22.234 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0011698.ini **INFECTED** Win32:Malware-gen
16:10:23.234 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0012697.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:23.328 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0012698.ini **INFECTED** Win32:Malware-gen
16:10:24.000 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0013697.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:10:24.078 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP30\A0013698.ini **INFECTED** Win32:Malware-gen
16:11:29.796 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP31\A0014008.exe **INFECTED** Win32:Patched-WQ [Trj]
16:11:45.453 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0014036.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:11:45.546 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0014037.ini **INFECTED** Win32:Malware-gen
16:11:48.640 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0014051.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:11:48.796 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0014052.ini **INFECTED** Win32:Malware-gen
16:11:49.156 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0015051.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:11:49.250 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0015052.ini **INFECTED** Win32:Malware-gen
16:11:59.031 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0016051.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:11:59.125 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0016052.ini **INFECTED** Win32:Malware-gen
16:12:00.953 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0016063.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:12:01.031 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP32\A0016064.ini **INFECTED** Win32:Malware-gen
16:12:09.375 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016145.exe **INFECTED** Win32:Patched-WQ [Trj]
16:12:09.671 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016146.exe **INFECTED** Win32:Patched-WQ [Trj]
16:12:10.390 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016147.exe **INFECTED** Win32:Patched-WQ [Trj]
16:13:50.171 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016573.exe **INFECTED** Win32:Patched-WQ [Trj]
16:13:50.750 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016575.exe **INFECTED** Win32:Patched-WQ [Trj]
16:13:51.343 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0016576.exe **INFECTED** Win32:Kryptik-EQX [Trj]
16:20:34.609 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0018231.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:20:34.703 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0018232.ini **INFECTED** Win32:Malware-gen
16:20:54.890 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018353.exe **INFECTED** Win32:Patched-WQ [Trj]
16:20:55.203 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018354.exe **INFECTED** Win32:Patched-WQ [Trj]
16:20:55.968 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018355.exe **INFECTED** Win32:Patched-WQ [Trj]
16:22:39.312 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018780.exe **INFECTED** Win32:Patched-WQ [Trj]
16:22:39.890 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018782.exe **INFECTED** Win32:Patched-WQ [Trj]
16:22:40.484 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0018783.exe **INFECTED** Win32:Kryptik-EQX [Trj]
16:29:22.671 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020435.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:29:22.781 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020436.ini **INFECTED** Win32:Malware-gen
16:30:15.750 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020697.exe **INFECTED** Win32:Patched-WQ [Trj]
16:30:16.531 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020698.exe **INFECTED** Win32:Patched-WQ [Trj]
16:30:32.500 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020741.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:30:32.609 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020742.ini **INFECTED** Win32:Malware-gen
16:30:36.312 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020760.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:30:36.437 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020761.ini **INFECTED** Win32:Malware-gen
16:30:50.421 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020816.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:30:50.546 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0020817.ini **INFECTED** Win32:Malware-gen
16:31:23.953 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP38\A0020897.sys **INFECTED** Win32:Alureon-AJI [Rtk]
16:31:24.062 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP38\A0020898.ini **INFECTED** Win32:Malware-gen
16:31:33.421 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP39\A0020925.exe **INFECTED** Win32:Patched-WQ [Trj]
16:32:20.984 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP39\A0021095.exe **INFECTED** Win32:Patched-WQ [Trj]
16:32:21.828 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP39\A0021096.exe **INFECTED** Win32:Patched-WQ [Trj]
16:33:41.546 File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP43\A0021319.ini **INFECTED** Win32:Malware-gen
16:43:41.781 File: C:\WINDOWS\3425845141:1791020339.exe **INFECTED** Win32:Tiny-AMB [Rtk]
17:05:36.656 File: C:\WINDOWS\system32\msiexec.exe **INFECTED** Win32:Patched-WQ [Trj]
17:13:29.531 Scan finished successfully
19:30:34.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\MBR.dat"
19:30:34.125 The log file has been saved successfully to "C:\Documents and Settings\Malcolm Hayles\Desktop\aswMBR.txt"
Attached Files
-
MBR.zip 589bytes
237 downloads
#7
Posted 12 September 2011 - 06:51 PM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
OTL logfile created on: 9/12/2011 7:43:38 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Malcolm Hayles\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 596.83 Mb Available Physical Memory | 58.85% Memory free
2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 30.01 Gb Free Space | 56.94% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.31 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.90 Gb Total Space | 1.67 Gb Free Space | 87.46% Space Free | Partition Type: FAT
Computer Name: MALCOLM | User Name: Malcolm Hayles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/12 00:36:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\Desktop\OTL.exe
PRC - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/01/19 17:08:24 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
MOD - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
MOD - [2009/09/03 11:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (YahooAUService)
SRV - File not found [Auto | Stopped] -- -- (RalinkRegistryWriter)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/12/10 11:16:16 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/05/05 12:00:44 | 000,632,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/08/18 00:42:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "speedhunters.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/05 07:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/05 07:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 00:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 07:24:52 | 000,000,000 | ---D | M]
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions\[email protected]
[2011/09/05 05:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 07:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/05 07:22:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/12 00:40:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF6E3222-0C77-4C17-909E-D2CF621F227B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9ad53e1c-d28f-11e0-896b-30469a302497}\Shell - "" = AutoRun
O33 - MountPoints2\{9ad53e1c-d28f-11e0-896b-30469a302497}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ad53e1c-d28f-11e0-896b-30469a302497}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk - C:\Program Files\Ralink\Common\RaUI.exe - (Ralink Technology, Corp.)
MsConfig - StartUpFolder: C:^Documents and Settings^Malcolm Hayles^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig - StartUpReg: AVG_TRAY - hkey= - key= - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: ISTray - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Security Protection - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: 18739229.sys - Driver
SafeBootMin: 67898292.sys - Driver
SafeBootMin: 80651887.sys - Driver
SafeBootMin: 95915485.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: 18739229.sys - Driver
SafeBootNet: 67898292.sys - Driver
SafeBootNet: 80651887.sys - Driver
SafeBootNet: 95915485.sys - Driver
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8EFA4753-7169-4CC3-A28B-0A1643B8A39B} - Microsoft .NET Framework 1.1 Hotfix (KB886903)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/09/12 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder
[2011/09/12 01:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/12 01:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/12 00:36:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\Desktop\OTL.exe
[2011/09/09 18:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games
[2011/09/09 18:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/09/09 18:41:03 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/09/09 18:40:59 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/09/09 18:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/09/09 18:30:08 | 000,000,000 | ---D | C] -- C:\AOE3
[2011/09/09 06:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/09/09 06:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\18 WoS American Long Haul
[2011/09/09 05:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\18 Wheels of Steel American Long Haul
[2011/09/09 05:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\18 Wheels of Steel American Long Haul
[2011/09/09 05:26:33 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/09/09 02:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WildGames
[2011/09/09 02:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\WildGames
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/09/09 02:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/06 02:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
[2011/09/06 01:52:49 | 000,632,576 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys
[2011/09/06 01:52:49 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/09/06 01:52:49 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/09/06 01:52:49 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/09/06 01:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2011/09/06 01:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/09/06 01:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\InstallShield
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/05 07:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/09/05 07:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Malwarebytes
[2011/09/05 07:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 07:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Virtual DJ
[2011/09/05 07:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/09/05 07:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/09/05 07:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 07:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/09/05 07:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple
[2011/09/05 07:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/09/05 07:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\LimeWire
[2011/09/05 07:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ralink Wireless
[2011/09/05 07:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AdobeUM
[2011/09/05 07:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AVG10
[2011/09/05 07:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/09/05 06:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\U3
[2011/09/05 06:00:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/05 05:59:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/09/05 05:59:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/05 05:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/05 05:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/09/05 04:44:28 | 000,898,048 | ---- | C] (Лаборатория Касперского) -- C:\Documents and Settings\All Users\Application Data\qwerty.exe
[2011/09/03 15:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Inspiration
[2011/09/01 01:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/09/01 01:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\DJ
[2011/08/31 03:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DivX
[2011/08/31 03:22:21 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/08/31 03:22:21 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/08/31 03:22:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/08/31 03:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/08/31 03:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/08/30 13:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\LimeWire
[2011/08/29 04:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Apple Computer
[2011/08/29 04:43:41 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/08/29 04:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/08/29 04:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/08/29 04:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/29 04:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/29 04:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/29 04:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple Computer
[2011/08/28 15:32:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/08/28 02:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Albums
[2011/08/28 00:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/08/28 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/08/28 00:37:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/28 00:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/08/26 21:46:32 | 000,796,032 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/08/26 21:46:32 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2011/08/26 21:46:32 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/08/26 21:46:31 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/08/26 21:46:31 | 000,152,968 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/08/26 21:46:30 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/08/26 21:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ralink
[2011/08/26 21:46:00 | 000,709,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2011/08/26 21:46:00 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2011/08/26 21:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/08/26 21:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2011/08/24 22:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Adobe
[2011/08/24 22:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My eBooks
[2011/08/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/23 14:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Mozilla
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla
[2011/08/23 12:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/23 12:33:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/08/23 01:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/23 01:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/23 01:32:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/08/23 01:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/08/23 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\BrowserPlus
[2011/08/23 01:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Yahoo!
[2011/08/23 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/08/23 01:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/08/23 00:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/08/23 00:53:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/23 00:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/23 00:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Adobe
[2011/08/23 00:29:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 00:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Google Chrome
[2011/08/23 00:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Solid State Networks
[2011/08/23 00:17:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\PrivacIE
[2011/08/23 00:16:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\IETldCache
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Videos
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/08/22 23:51:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/08/22 23:50:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/22 23:50:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/08/22 22:46:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Pictures
[2011/08/22 22:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Macromedia
[2011/08/22 22:25:11 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2011/08/22 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Corel Photo Album
[2011/08/22 22:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Corel Photo Album
[2011/08/22 21:55:19 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2011/08/22 21:42:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC7b8f6.rra
[2011/08/22 21:42:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL7b6d3.rra
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/12 19:31:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/09/12 14:22:34 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/12 14:22:34 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/12 01:02:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/12 01:02:10 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/12 01:02:09 | 000,050,112 | -HS- | M] () -- C:\WINDOWS\System32\c_12502.nl_
[2011/09/12 01:00:32 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/09/12 00:36:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\Desktop\OTL.exe
[2011/09/11 22:31:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/09/09 18:42:15 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/09 18:34:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3425845141
[2011/09/09 18:30:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DENISE-Denise Hayles).job
[2011/09/09 06:17:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 05:36:17 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/06 01:52:47 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 15:48:59 | 000,533,046 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/05 07:08:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/09/05 04:52:32 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/05 04:44:54 | 000,898,048 | ---- | M] (Лаборатория Касперского) -- C:\Documents and Settings\All Users\Application Data\qwerty.exe
[2011/09/04 17:07:03 | 131,110,345 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/03 18:53:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 03:16:12 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/09/01 01:52:18 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 17:53:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/29 04:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/29 04:43:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/29 04:43:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/29 04:41:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/29 04:39:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/28 04:33:49 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/28 01:35:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/08/27 22:54:58 | 000,003,610 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/27 22:54:57 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/23 14:57:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 12:53:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:39:59 | 000,064,672 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/08/23 00:28:29 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:16:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/22 21:25:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/09 18:42:15 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/09 05:36:17 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/06 01:52:49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/09/06 01:52:47 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 07:50:12 | 000,050,112 | -HS- | C] () -- C:\WINDOWS\System32\c_12502.nl_
[2011/09/05 07:25:59 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/05 05:21:47 | 000,533,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/05 04:45:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3425845141
[2011/09/04 17:07:03 | 131,110,345 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/29 04:43:47 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/08/29 04:43:46 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/08/29 04:39:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/29 04:32:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/29 04:32:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/08/28 04:33:49 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/26 21:46:33 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/08/26 21:46:32 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/08/26 21:46:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/08/26 21:45:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/08/23 12:53:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 12:39:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:28:29 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:20:30 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/08/23 00:20:29 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/08/22 23:53:29 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/22 22:00:33 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/22 21:59:34 | 000,003,610 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/22 21:59:34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/22 21:25:57 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2006/08/23 18:54:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\fusioncache.dat
[2006/08/22 22:15:49 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/08/22 22:15:49 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/08/22 21:49:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/08/18 00:59:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 00:52:25 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 00:48:41 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/18 00:46:18 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/18 00:45:02 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/08/18 00:42:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/18 00:19:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/18 00:18:56 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 11:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
========== LOP Check ==========
[2011/09/05 07:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/23 01:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/23 00:53:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/23 01:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/26 21:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2011/09/05 07:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/09/06 01:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/18 00:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/12 01:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/09/05 07:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denise Hayles\Application Data\AVG10
[2006/08/22 20:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denise Hayles\Application Data\WildTangent
[2011/09/05 07:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AVG10
[2011/09/09 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/09/06 02:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*.exe >
[2011/09/05 04:44:54 | 000,898,048 | ---- | M] (Лаборатория Касперского) -- C:\Documents and Settings\All Users\Application Data\qwerty.exe
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
< %APPDATA%\*. >
[2011/08/24 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Adobe
[2011/09/05 07:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AdobeUM
[2011/08/29 05:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Apple Computer
[2011/09/05 07:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AVG10
[2011/08/22 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Corel Photo Album
[2011/09/05 07:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DivX
[2006/08/18 00:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Gtek
[2004/08/10 12:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Identities
[2011/09/06 01:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\InstallShield
[2011/09/09 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/08/22 22:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Macromedia
[2011/09/05 07:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Malwarebytes
[2011/08/22 22:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\McAfee.com Personal Firewall
[2011/08/22 22:06:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft
[2011/09/05 07:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla
[2006/08/18 00:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Sun
[2006/08/18 00:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Symantec
[2011/09/08 04:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\U3
[2011/09/06 02:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
[2011/09/09 02:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WinRAR
[2011/08/23 12:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Yahoo!
< MD5 for: EXPLORER.EXE >
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
< MD5 for: SVCHOST.EXE >
[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB22540$] -> Error: Cannot create file handle -> Unknown point type
========== Alternate Data Streams ==========
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3425845141:1791020339.exe
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Malcolm Hayles\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 596.83 Mb Available Physical Memory | 58.85% Memory free
2.38 Gb Paging File | 1.97 Gb Available in Paging File | 82.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 30.01 Gb Free Space | 56.94% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.31 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.90 Gb Total Space | 1.67 Gb Free Space | 87.46% Space Free | Partition Type: FAT
Computer Name: MALCOLM | User Name: Malcolm Hayles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/12 00:36:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\Desktop\OTL.exe
PRC - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/01/19 17:08:24 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
MOD - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
MOD - [2009/09/03 11:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (YahooAUService)
SRV - File not found [Auto | Stopped] -- -- (RalinkRegistryWriter)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/12/10 11:16:16 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/05/05 12:00:44 | 000,632,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/08/18 00:42:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "speedhunters.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/05 07:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/05 07:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 00:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 07:24:52 | 000,000,000 | ---D | M]
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions\[email protected]
[2011/09/05 05:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 07:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/05 07:22:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/12 00:40:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF6E3222-0C77-4C17-909E-D2CF621F227B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9ad53e1c-d28f-11e0-896b-30469a302497}\Shell - "" = AutoRun
O33 - MountPoints2\{9ad53e1c-d28f-11e0-896b-30469a302497}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ad53e1c-d28f-11e0-896b-30469a302497}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk - C:\Program Files\Ralink\Common\RaUI.exe - (Ralink Technology, Corp.)
MsConfig - StartUpFolder: C:^Documents and Settings^Malcolm Hayles^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig - StartUpReg: AVG_TRAY - hkey= - key= - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: ISTray - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Security Protection - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: 18739229.sys - Driver
SafeBootMin: 67898292.sys - Driver
SafeBootMin: 80651887.sys - Driver
SafeBootMin: 95915485.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: 18739229.sys - Driver
SafeBootNet: 67898292.sys - Driver
SafeBootNet: 80651887.sys - Driver
SafeBootNet: 95915485.sys - Driver
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8EFA4753-7169-4CC3-A28B-0A1643B8A39B} - Microsoft .NET Framework 1.1 Hotfix (KB886903)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/09/12 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder
[2011/09/12 01:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/12 01:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/12 00:36:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\Desktop\OTL.exe
[2011/09/09 18:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games
[2011/09/09 18:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/09/09 18:41:03 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/09/09 18:40:59 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/09/09 18:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/09/09 18:30:08 | 000,000,000 | ---D | C] -- C:\AOE3
[2011/09/09 06:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/09/09 06:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\18 WoS American Long Haul
[2011/09/09 05:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\18 Wheels of Steel American Long Haul
[2011/09/09 05:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\18 Wheels of Steel American Long Haul
[2011/09/09 05:26:33 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/09/09 02:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WildGames
[2011/09/09 02:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\WildGames
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/09/09 02:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/06 02:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
[2011/09/06 01:52:49 | 000,632,576 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys
[2011/09/06 01:52:49 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/09/06 01:52:49 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/09/06 01:52:49 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/09/06 01:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2011/09/06 01:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/09/06 01:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\InstallShield
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/05 07:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/09/05 07:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Malwarebytes
[2011/09/05 07:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 07:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Virtual DJ
[2011/09/05 07:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/09/05 07:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/09/05 07:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 07:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/09/05 07:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple
[2011/09/05 07:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/09/05 07:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\LimeWire
[2011/09/05 07:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ralink Wireless
[2011/09/05 07:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AdobeUM
[2011/09/05 07:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AVG10
[2011/09/05 07:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/09/05 06:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\U3
[2011/09/05 06:00:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/05 05:59:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/09/05 05:59:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/05 05:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/05 05:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/09/05 04:44:28 | 000,898,048 | ---- | C] (Лаборатория Касперского) -- C:\Documents and Settings\All Users\Application Data\qwerty.exe
[2011/09/03 15:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Inspiration
[2011/09/01 01:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/09/01 01:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\DJ
[2011/08/31 03:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DivX
[2011/08/31 03:22:21 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/08/31 03:22:21 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/08/31 03:22:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/08/31 03:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/08/31 03:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/08/30 13:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\LimeWire
[2011/08/29 04:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Apple Computer
[2011/08/29 04:43:41 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/08/29 04:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/08/29 04:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/08/29 04:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/29 04:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/29 04:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/29 04:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple Computer
[2011/08/28 15:32:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/08/28 02:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Albums
[2011/08/28 00:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/08/28 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/08/28 00:37:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/28 00:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/08/26 21:46:32 | 000,796,032 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/08/26 21:46:32 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2011/08/26 21:46:32 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/08/26 21:46:31 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/08/26 21:46:31 | 000,152,968 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/08/26 21:46:30 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/08/26 21:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ralink
[2011/08/26 21:46:00 | 000,709,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2011/08/26 21:46:00 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2011/08/26 21:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/08/26 21:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2011/08/24 22:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Adobe
[2011/08/24 22:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My eBooks
[2011/08/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/23 14:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Mozilla
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla
[2011/08/23 12:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/23 12:33:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/08/23 01:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/23 01:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/23 01:32:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/08/23 01:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/08/23 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\BrowserPlus
[2011/08/23 01:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Yahoo!
[2011/08/23 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/08/23 01:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/08/23 00:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/08/23 00:53:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/23 00:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/23 00:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Adobe
[2011/08/23 00:29:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 00:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Google Chrome
[2011/08/23 00:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Solid State Networks
[2011/08/23 00:17:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\PrivacIE
[2011/08/23 00:16:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\IETldCache
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Videos
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/08/22 23:51:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/08/22 23:50:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/22 23:50:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/08/22 22:46:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Pictures
[2011/08/22 22:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Macromedia
[2011/08/22 22:25:11 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2011/08/22 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Corel Photo Album
[2011/08/22 22:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Corel Photo Album
[2011/08/22 21:55:19 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2011/08/22 21:42:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC7b8f6.rra
[2011/08/22 21:42:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL7b6d3.rra
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/12 19:31:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/09/12 14:22:34 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/12 14:22:34 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/12 01:02:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/12 01:02:10 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/12 01:02:09 | 000,050,112 | -HS- | M] () -- C:\WINDOWS\System32\c_12502.nl_
[2011/09/12 01:00:32 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/09/12 00:36:47 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\Desktop\OTL.exe
[2011/09/11 22:31:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/09/09 18:42:15 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/09 18:34:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3425845141
[2011/09/09 18:30:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DENISE-Denise Hayles).job
[2011/09/09 06:17:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 05:36:17 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/06 01:52:47 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 15:48:59 | 000,533,046 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/05 07:08:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/09/05 04:52:32 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/05 04:44:54 | 000,898,048 | ---- | M] (Лаборатория Касперского) -- C:\Documents and Settings\All Users\Application Data\qwerty.exe
[2011/09/04 17:07:03 | 131,110,345 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/09/03 18:53:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 03:16:12 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/09/01 01:52:18 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 17:53:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/29 04:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/29 04:43:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/29 04:43:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/29 04:41:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/29 04:39:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/28 04:33:49 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/28 01:35:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/08/27 22:54:58 | 000,003,610 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/27 22:54:57 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/23 14:57:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 12:53:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:39:59 | 000,064,672 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/08/23 00:28:29 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:16:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/22 21:25:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/09 18:42:15 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/09 05:36:17 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/06 01:52:49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/09/06 01:52:47 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 07:50:12 | 000,050,112 | -HS- | C] () -- C:\WINDOWS\System32\c_12502.nl_
[2011/09/05 07:25:59 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/05 05:21:47 | 000,533,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/05 04:45:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3425845141
[2011/09/04 17:07:03 | 131,110,345 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/29 04:43:47 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/08/29 04:43:46 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/08/29 04:39:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/29 04:32:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/29 04:32:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/08/28 04:33:49 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/26 21:46:33 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/08/26 21:46:32 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/08/26 21:46:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/08/26 21:45:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/08/23 12:53:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 12:39:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:28:29 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:20:30 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/08/23 00:20:29 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/08/22 23:53:29 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/22 22:00:33 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/22 21:59:34 | 000,003,610 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/22 21:59:34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/22 21:25:57 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2006/08/23 18:54:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\fusioncache.dat
[2006/08/22 22:15:49 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/08/22 22:15:49 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/08/22 21:49:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/08/18 00:59:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 00:52:25 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 00:48:41 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/18 00:46:18 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/18 00:45:02 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/08/18 00:42:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/18 00:19:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/18 00:18:56 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 11:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
========== LOP Check ==========
[2011/09/05 07:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/23 01:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/23 00:53:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/23 01:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/26 21:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2011/09/05 07:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/09/06 01:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/18 00:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/12 01:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/09/05 07:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denise Hayles\Application Data\AVG10
[2006/08/22 20:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Denise Hayles\Application Data\WildTangent
[2011/09/05 07:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AVG10
[2011/09/09 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/09/06 02:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*.exe >
[2011/09/05 04:44:54 | 000,898,048 | ---- | M] (Лаборатория Касперского) -- C:\Documents and Settings\All Users\Application Data\qwerty.exe
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
< %APPDATA%\*. >
[2011/08/24 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Adobe
[2011/09/05 07:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AdobeUM
[2011/08/29 05:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Apple Computer
[2011/09/05 07:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AVG10
[2011/08/22 22:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Corel Photo Album
[2011/09/05 07:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DivX
[2006/08/18 00:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Gtek
[2004/08/10 12:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Identities
[2011/09/06 01:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\InstallShield
[2011/09/09 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/08/22 22:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Macromedia
[2011/09/05 07:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Malwarebytes
[2011/08/22 22:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\McAfee.com Personal Firewall
[2011/08/22 22:06:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft
[2011/09/05 07:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla
[2006/08/18 00:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Sun
[2006/08/18 00:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Symantec
[2011/09/08 04:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\U3
[2011/09/06 02:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
[2011/09/09 02:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WinRAR
[2011/08/23 12:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Yahoo!
< MD5 for: EXPLORER.EXE >
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
< MD5 for: SVCHOST.EXE >
[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/12 00:40:40 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/09/03 07:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 03:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB22540$] -> Error: Cannot create file handle -> Unknown point type
========== Alternate Data Streams ==========
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3425845141:1791020339.exe
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
#8
Posted 13 September 2011 - 01:54 PM
michaelg9
-
- Malware Removal
-
- 2,949 posts
Trusted Helper
Hello
Lots of nice things there
Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.
If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.
Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
Next:
AVG is infected so we'll need to uninstall it. Please try not use your computer as much as possible while you're without an antivirus, to prevent further reinfection
G to Start > Control Panel. Open Add/Remove Hardware
Remove AVG and anything listed there that's related to it.
Next:
Run OTL
Next:
Next:
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
Next:
Please read carefully and follow these steps.
Next:
Please download MBRCheck.exe to your Desktop. Run the application.
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
If an infection is found, you will be presented with the following dialog:
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
Lots of nice things there
Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.
If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.
- All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
- Banking and credit card institutions should be notified of the possible security breach.
Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
Next:
AVG is infected so we'll need to uninstall it. Please try not use your computer as much as possible while you're without an antivirus, to prevent further reinfection
G to Start > Control Panel. Open Add/Remove Hardware
Remove AVG and anything listed there that's related to it.
Next:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [Auto | Stopped] -- -- (YahooAUService)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/05 07:21:31 | 000,000,000 | ---D | M]
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-2729958953-299165680-4184242943-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O33 - MountPoints2\{9ad53e1c-d28f-11e0-896b-30469a302497}\Shell - "" = AutoRun
O33 - MountPoints2\{9ad53e1c-d28f-11e0-896b-30469a302497}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ad53e1c-d28f-11e0-896b-30469a302497}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
MsConfig - StartUpReg: AVG_TRAY - hkey= - key= - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig - StartUpReg: Security Protection - hkey= - key= - File not found
SafeBootMin: 18739229.sys - Driver
SafeBootMin: 67898292.sys - Driver
SafeBootMin: 80651887.sys - Driver
SafeBootMin: 95915485.sys - Driver
[2011/09/05 04:44:28 | 000,898,048 | ---- | C] (Лаборатория Касперского) -- C:\Documents and Settings\All Users\Application Data\qwerty.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2011/09/09 18:42:15 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/09 18:34:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3425845141
[2011/09/05 04:44:54 | 000,898,048 | ---- | M] (Лаборатория Касперского) -- C:\Documents and Settings\All Users\Application Data\qwerty.exe
[2011/09/01 03:16:12 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2011/09/09 18:42:15 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/05 04:45:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3425845141
[2011/09/05 07:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/23 01:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2006/08/18 00:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/05 07:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AVG10
[2011/09/05 04:44:54 | 000,898,048 | ---- | M] (Лаборатория Касперского) -- C:\Documents and Settings\All Users\Application Data\qwerty.exe
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[C:\WINDOWS\$NtUninstallKB22540$] -> Error: Cannot create file handle -> Unknown point type
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3425845141:1791020339.exe
:Services
:Reg
:Files
C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\*.tmp
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again.
- Under Extra Registry select Use Safelist
- Under the Custom Scans/Fixes box at the bottom, paste in the following
C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\*.* /s
C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games\*.* /s
C:\AOE3\*.* /s - Click the Run Scan button. Post the two logs, OTL.txt and Extras.txt, it produces in your next reply.
Next:
- 1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop. - Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
Next:
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" for further review.
Next:
Please read carefully and follow these steps.
- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Next:
Please download MBRCheck.exe to your Desktop. Run the application.
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
If an infection is found, you will be presented with the following dialog:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
#9
Posted 13 September 2011 - 05:03 PM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
OTL logfile created on: 9/13/2011 6:05:33 PM - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 491.13 Mb Available Physical Memory | 48.43% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 31.46 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.31 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
Computer Name: MALCOLM | User Name: Malcolm Hayles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/13 17:57:05 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\OTL.exe
PRC - [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/12 00:40:42 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/23 14:57:49 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/01/19 17:08:24 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
MOD - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
MOD - [2009/09/03 11:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2006/08/18 00:53:32 | 000,574,976 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/08/18 00:53:32 | 000,111,616 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RalinkRegistryWriter)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2009/12/10 11:16:16 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/05/05 12:00:44 | 000,632,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/08/18 00:42:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: No CLSID value found. File not found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "speedhunters.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/05 07:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 00:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 07:24:52 | 000,000,000 | ---D | M]
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions\[email protected]
[2011/09/05 05:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 07:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/05 07:22:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/12 00:40:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF6E3222-0C77-4C17-909E-D2CF621F227B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/13 17:40:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 13:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Dell Games
[2011/09/13 06:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\FLV Player
[2011/09/13 06:40:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\FLV Player
[2011/09/13 06:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2011/09/12 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder
[2011/09/12 01:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/12 01:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/09 18:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games
[2011/09/09 18:41:03 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/09/09 18:40:59 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/09/09 18:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/09/09 18:30:08 | 000,000,000 | ---D | C] -- C:\AOE3
[2011/09/09 06:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/09/09 06:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\18 WoS American Long Haul
[2011/09/09 05:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\18 Wheels of Steel American Long Haul
[2011/09/09 05:26:33 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/09/09 02:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\WildGames
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/09/09 02:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/06 02:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
[2011/09/06 01:52:49 | 000,632,576 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys
[2011/09/06 01:52:49 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/09/06 01:52:49 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/09/06 01:52:49 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/09/06 01:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2011/09/06 01:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/09/06 01:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\InstallShield
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/05 07:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/09/05 07:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Malwarebytes
[2011/09/05 07:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 07:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Virtual DJ
[2011/09/05 07:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/09/05 07:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/09/05 07:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 07:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/09/05 07:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple
[2011/09/05 07:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/09/05 07:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\LimeWire
[2011/09/05 07:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ralink Wireless
[2011/09/05 07:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AdobeUM
[2011/09/05 06:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\U3
[2011/09/05 06:00:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/05 05:59:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/09/05 05:59:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/05 05:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/05 05:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/09/03 15:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Inspiration
[2011/09/01 01:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/09/01 01:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\DJ
[2011/08/31 03:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DivX
[2011/08/31 03:22:21 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/08/31 03:22:21 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/08/31 03:22:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/08/31 03:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/08/31 03:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/08/30 13:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\LimeWire
[2011/08/29 04:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Apple Computer
[2011/08/29 04:43:41 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/08/29 04:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/08/29 04:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/08/29 04:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/29 04:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/29 04:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/29 04:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple Computer
[2011/08/28 15:32:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/08/28 02:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Albums
[2011/08/28 00:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/08/28 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/08/28 00:37:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/28 00:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/08/26 21:46:32 | 000,796,032 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/08/26 21:46:32 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2011/08/26 21:46:32 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/08/26 21:46:31 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/08/26 21:46:31 | 000,152,968 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/08/26 21:46:30 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/08/26 21:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ralink
[2011/08/26 21:46:00 | 000,709,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2011/08/26 21:46:00 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2011/08/26 21:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/08/26 21:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2011/08/24 22:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Adobe
[2011/08/24 22:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My eBooks
[2011/08/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/23 14:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Mozilla
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla
[2011/08/23 12:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/23 01:32:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/08/23 01:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/08/23 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\BrowserPlus
[2011/08/23 01:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Yahoo!
[2011/08/23 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/08/23 01:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/08/23 00:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/08/23 00:53:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/23 00:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/23 00:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Adobe
[2011/08/23 00:29:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 00:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Google Chrome
[2011/08/23 00:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Solid State Networks
[2011/08/23 00:17:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\PrivacIE
[2011/08/23 00:16:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\IETldCache
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Videos
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/08/22 23:51:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/08/22 23:50:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/22 23:50:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/08/22 22:46:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Pictures
[2011/08/22 22:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Macromedia
[2011/08/22 22:25:11 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2011/08/22 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Corel Photo Album
[2011/08/22 22:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Corel Photo Album
[2011/08/22 21:55:19 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2011/08/22 21:42:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC7b8f6.rra
[2011/08/22 21:42:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL7b6d3.rra
========== Files - Modified Within 30 Days ==========
[2011/09/13 18:05:04 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/13 18:05:04 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/13 18:00:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/13 18:00:56 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/13 17:31:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/09/13 17:14:53 | 000,050,112 | -HS- | M] () -- C:\WINDOWS\System32\c_12502.nl_
[2011/09/13 13:39:46 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to New Folder (2).lnk
[2011/09/12 22:31:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/09/12 01:00:32 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/09/09 18:30:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DENISE-Denise Hayles).job
[2011/09/09 06:17:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 05:36:17 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/06 01:52:47 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 15:48:59 | 000,533,046 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/05 07:08:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/09/05 04:52:32 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/03 18:53:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 01:52:18 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 17:53:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/29 04:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/29 04:43:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/29 04:43:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/29 04:41:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/29 04:39:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/28 04:33:49 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/28 01:35:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/08/27 22:54:58 | 000,003,610 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/27 22:54:57 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/23 14:57:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 12:53:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:39:59 | 000,064,672 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/08/23 00:28:29 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:16:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/22 21:25:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
========== Files Created - No Company Name ==========
[2011/09/13 13:39:46 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to New Folder (2).lnk
[2011/09/09 05:36:17 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/06 01:52:49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/09/06 01:52:47 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 07:50:12 | 000,050,112 | -HS- | C] () -- C:\WINDOWS\System32\c_12502.nl_
[2011/09/05 07:25:59 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/05 05:21:47 | 000,533,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/29 04:43:47 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/08/29 04:43:46 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/08/29 04:39:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/29 04:32:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/29 04:32:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/08/28 04:33:49 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/26 21:46:33 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/08/26 21:46:32 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/08/26 21:46:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/08/26 21:45:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/08/23 12:53:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 12:39:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:28:29 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:20:30 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/08/23 00:20:29 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/08/22 23:53:29 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/22 22:00:33 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/22 21:59:34 | 000,003,610 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/22 21:59:34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/22 21:25:57 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2006/08/23 18:54:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\fusioncache.dat
[2006/08/22 22:15:49 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/08/22 22:15:49 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/08/22 21:49:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/08/18 00:59:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 00:52:25 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 00:48:41 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/18 00:46:18 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/18 00:45:02 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/08/18 00:42:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/18 00:19:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/18 00:18:56 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 11:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
========== Custom Scans ==========
< C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\*.* /s >
[2011/09/12 12:46:38 | 000,001,067 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Age3Log.txt
[2011/09/12 13:49:48 | 000,037,712 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\elizabeth.personality
[2011/09/12 13:49:48 | 000,047,308 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\Frederick.personality
[2011/09/12 13:49:05 | 000,051,664 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\henry.personality
[2011/09/12 13:45:59 | 000,051,754 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\Ivan.personality
[2011/09/12 13:40:02 | 000,036,654 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\napoleon.personality
[2011/09/12 13:49:48 | 000,029,552 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\Suleiman.personality
[2011/09/12 13:49:48 | 000,029,594 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\William.personality
[2011/09/12 06:32:11 | 000,133,900 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMAmazonia.dmp.txt
[2011/09/10 08:59:13 | 000,129,293 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMCarolina.dmp.txt
[2011/09/12 12:52:11 | 000,152,095 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMGreat Lakes.dmp.txt
[2011/09/11 09:58:54 | 000,133,428 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMNew England.dmp.txt
[2011/09/12 12:50:34 | 000,125,620 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMrockies.dmp.txt
[2011/09/09 18:54:56 | 000,004,748 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Savegame\homecitytutorial.xml
[2011/09/12 13:54:57 | 000,006,086 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Savegame\LastHomeCity.xml
[2011/09/12 13:54:57 | 000,006,086 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Savegame\sp_Seville_homecity.xml
[2011/09/12 12:52:29 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Trigger\trigtemp.xs
[2011/09/12 13:55:04 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Users\LastProfile.dat
[2011/09/12 13:05:18 | 000,179,676 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Users\NewProfile.xml
< C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games\*.* /s >
< C:\AOE3\*.* /s >
[2005/04/04 11:40:12 | 000,005,515 | ---- | M] () -- C:\AOE3\0x0409.ini
[2005/08/23 03:52:19 | 000,000,068 | ---- | M] () -- C:\AOE3\Age 3 Survey.url
[2005/09/20 06:27:32 | 001,603,072 | ---- | M] () -- C:\AOE3\Age of Empires III.msi
[2005/09/17 03:51:12 | 000,999,424 | ---- | M] (Microsoft Corporation) -- C:\AOE3\autorun.exe
[2005/08/01 23:44:27 | 000,000,225 | ---- | M] () -- C:\AOE3\Autorun.inf
[2005/10/09 09:03:29 | 000,001,211 | ---- | M] () -- C:\AOE3\CD-Key.txt
[2005/09/20 06:23:50 | 485,227,924 | ---- | M] () -- C:\AOE3\Disk1C~1.cab
[2005/09/20 06:25:31 | 586,589,686 | ---- | M] () -- C:\AOE3\Disk2C~1.cab
[2005/09/20 06:26:45 | 567,956,835 | ---- | M] () -- C:\AOE3\Disk3C~1.cab
[2005/04/04 11:35:38 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\AOE3\instmsia.exe
[2005/04/04 11:35:38 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\AOE3\instmsiw.exe
[2005/04/04 15:07:28 | 000,982,016 | ---- | M] () -- C:\AOE3\ISScript11.Msi
[2005/08/23 07:20:19 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\AOE3\mgspid.dll
[2005/08/20 09:48:17 | 000,039,424 | ---- | M] () -- C:\AOE3\PidGen.dll
[2005/09/20 11:51:02 | 000,046,598 | ---- | M] () -- C:\AOE3\Readme.rtf
[2005/09/20 06:04:52 | 000,253,952 | ---- | M] (Microsoft Game Studios ) -- C:\AOE3\setup.exe
[2005/09/20 06:26:55 | 000,002,127 | ---- | M] () -- C:\AOE3\Setup.ini
[2005/08/30 23:28:54 | 001,298,296 | ---- | M] () -- C:\AOE3\setup.isn
[2005/07/29 05:19:54 | 000,033,792 | ---- | M] () -- C:\AOE3\SetupENU.dll
[2003/06/18 04:22:24 | 000,028,097 | ---- | M] () -- C:\AOE3\setupInc.idx
[2003/08/05 12:46:18 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\AOE3\splash.exe
[2005/09/17 09:31:38 | 000,921,656 | ---- | M] () -- C:\AOE3\splashimage.bmp
[2005/08/13 00:48:36 | 000,040,960 | ---- | M] () -- C:\AOE3\SSE.dll
[2002/11/20 01:38:08 | 000,004,000 | ---- | M] () -- C:\AOE3\SSIFSDAT.SYS
[2005/04/14 02:19:06 | 002,587,408 | ---- | M] (Microsoft Corporation) -- C:\AOE3\WindowsInstaller-KB893803-x86.exe
[2 C:\AOE3\*.tmp files -> C:\AOE3\*.tmp -> ]
[2005/09/20 06:53:45 | 008,571,392 | ---- | M] (Ensemble Studios) -- C:\AOE3\Age of Empires III\age3.exe
[2005/09/20 03:28:38 | 000,835,584 | ---- | M] () -- C:\AOE3\Age of Empires III\autopatcher.exe
[2005/09/20 03:30:24 | 000,330,312 | ---- | M] () -- C:\AOE3\Age of Empires III\eula.rtf
[2005/09/20 03:28:42 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\AOE3\Age of Empires III\mgspid.dll
[2005/09/20 11:51:02 | 000,046,598 | ---- | M] () -- C:\AOE3\Age of Empires III\Readme.rtf
[2005/09/20 03:32:20 | 002,460,760 | ---- | M] () -- C:\AOE3\Age of Empires III\data\stringtable.xml
[2005/09/20 03:33:06 | 000,406,480 | ---- | M] () -- C:\AOE3\Age of Empires III\data\stringtable.xml.xmb
[2005/09/17 08:14:00 | 005,381,624 | ---- | M] () -- C:\AOE3\Age of Empires III\History Channel Trailers\DiggingForTheTruth.wmv
[2005/10/08 21:26:51 | 009,859,072 | ---- | M] (Ensemble Studios) -- C:\AOE3\Crack\age3.exe
[2005/03/19 09:40:19 | 001,348,242 | ---- | M] () -- C:\AOE3\directx9\Apr2005_d3dx9_25_x64.cab
[2005/03/19 09:40:19 | 001,079,850 | ---- | M] () -- C:\AOE3\directx9\Apr2005_d3dx9_25_x86.cab
[2005/03/19 09:40:19 | 000,911,188 | ---- | M] () -- C:\AOE3\directx9\Apr2005_MDX_x86.cab
[2004/09/28 03:29:45 | 000,703,080 | ---- | M] () -- C:\AOE3\directx9\BDA.cab
[2004/09/28 03:29:45 | 001,156,363 | ---- | M] () -- C:\AOE3\directx9\BDANT.cab
[2004/09/28 03:29:45 | 000,976,020 | ---- | M] () -- C:\AOE3\directx9\BDAXP.cab
[2004/09/28 03:29:47 | 015,493,481 | ---- | M] () -- C:\AOE3\directx9\DirectX.cab
[2005/05/27 06:33:36 | 000,075,472 | ---- | M] (Microsoft Corporation) -- C:\AOE3\directx9\DSETUP.dll
[2005/05/27 06:34:51 | 002,245,840 | ---- | M] (Microsoft Corporation) -- C:\AOE3\directx9\dsetup32.dll
[2004/09/28 03:29:50 | 013,265,040 | ---- | M] () -- C:\AOE3\directx9\dxnt.cab
[2005/05/27 06:34:41 | 000,482,000 | ---- | M] (Microsoft Corporation) -- C:\AOE3\directx9\DXSETUP.exe
[2005/05/27 06:35:19 | 000,067,440 | ---- | M] () -- C:\AOE3\directx9\dxupdate.cab
[2005/05/27 06:49:28 | 001,336,890 | ---- | M] () -- C:\AOE3\directx9\Jun2005_d3dx9_26_x64.cab
[2005/05/27 06:49:28 | 001,065,813 | ---- | M] () -- C:\AOE3\directx9\Jun2005_d3dx9_26_x86.cab
[2005/05/27 06:49:28 | 000,916,000 | ---- | M] () -- C:\AOE3\directx9\Jun2005_MDX_x86.cab
[2005/09/20 03:35:00 | 006,327,529 | ---- | M] () -- C:\AOE3\docs\AGE3_Manual_Dansk.pdf
[2005/09/20 03:35:00 | 006,278,599 | ---- | M] () -- C:\AOE3\docs\AGE3_Manual_Norsk.pdf
[2005/09/20 03:35:02 | 006,279,233 | ---- | M] () -- C:\AOE3\docs\AGE3_Manual_Suomi.pdf
[2005/09/20 03:35:02 | 006,241,436 | ---- | M] () -- C:\AOE3\docs\AGE3_Manual_Svensk.pdf
[2005/09/20 03:35:04 | 009,272,265 | ---- | M] () -- C:\AOE3\docs\AGE3_QRC_ Dansk.pdf
[2005/09/20 03:35:06 | 009,270,254 | ---- | M] () -- C:\AOE3\docs\AGE3_QRC_ Norsk.pdf
[2005/09/20 03:35:08 | 009,266,341 | ---- | M] () -- C:\AOE3\docs\AGE3_QRC_ Suomi.pdf
[2005/09/20 03:35:08 | 009,184,035 | ---- | M] () -- C:\AOE3\docs\AGE3_QRC_ Svensk.pdf
[2005/09/20 03:35:10 | 003,756,868 | ---- | M] () -- C:\AOE3\docs\AOEIIIStandard_Manual_NA.pdf
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 491.13 Mb Available Physical Memory | 48.43% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 31.46 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.31 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
Computer Name: MALCOLM | User Name: Malcolm Hayles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/13 17:57:05 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\OTL.exe
PRC - [2011/09/12 00:40:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/12 00:40:42 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/23 14:57:49 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/01/19 17:08:24 | 000,323,584 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
MOD - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
MOD - [2009/09/03 11:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2006/08/18 00:53:32 | 000,574,976 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/08/18 00:53:32 | 000,111,616 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RalinkRegistryWriter)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2009/12/10 11:16:16 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/05/05 12:00:44 | 000,632,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/08/18 00:42:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: No CLSID value found. File not found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "speedhunters.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/05 07:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 00:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 07:24:52 | 000,000,000 | ---D | M]
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions\[email protected]
[2011/09/05 05:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 07:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/05 07:22:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/12 00:40:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF6E3222-0C77-4C17-909E-D2CF621F227B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/13 17:40:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 13:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Dell Games
[2011/09/13 06:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\FLV Player
[2011/09/13 06:40:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\FLV Player
[2011/09/13 06:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2011/09/12 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder
[2011/09/12 01:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/12 01:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/09 18:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games
[2011/09/09 18:41:03 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/09/09 18:40:59 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/09/09 18:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/09/09 18:30:08 | 000,000,000 | ---D | C] -- C:\AOE3
[2011/09/09 06:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/09/09 06:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\18 WoS American Long Haul
[2011/09/09 05:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\18 Wheels of Steel American Long Haul
[2011/09/09 05:26:33 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/09/09 02:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\WildGames
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/09/09 02:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/06 02:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
[2011/09/06 01:52:49 | 000,632,576 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys
[2011/09/06 01:52:49 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/09/06 01:52:49 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/09/06 01:52:49 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/09/06 01:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2011/09/06 01:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/09/06 01:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\InstallShield
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/05 07:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/09/05 07:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Malwarebytes
[2011/09/05 07:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 07:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Virtual DJ
[2011/09/05 07:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/09/05 07:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/09/05 07:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 07:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/09/05 07:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple
[2011/09/05 07:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/09/05 07:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\LimeWire
[2011/09/05 07:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ralink Wireless
[2011/09/05 07:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AdobeUM
[2011/09/05 06:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\U3
[2011/09/05 06:00:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/05 05:59:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/09/05 05:59:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/05 05:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/05 05:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/09/03 15:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Inspiration
[2011/09/01 01:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/09/01 01:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\DJ
[2011/08/31 03:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DivX
[2011/08/31 03:22:21 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/08/31 03:22:21 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/08/31 03:22:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/08/31 03:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/08/31 03:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/08/30 13:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\LimeWire
[2011/08/29 04:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Apple Computer
[2011/08/29 04:43:41 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/08/29 04:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/08/29 04:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/08/29 04:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/29 04:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/29 04:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/29 04:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple Computer
[2011/08/28 15:32:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/08/28 02:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Albums
[2011/08/28 00:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/08/28 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/08/28 00:37:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/28 00:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/08/26 21:46:32 | 000,796,032 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/08/26 21:46:32 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2011/08/26 21:46:32 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/08/26 21:46:31 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/08/26 21:46:31 | 000,152,968 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/08/26 21:46:30 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/08/26 21:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ralink
[2011/08/26 21:46:00 | 000,709,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2011/08/26 21:46:00 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2011/08/26 21:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/08/26 21:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2011/08/24 22:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Adobe
[2011/08/24 22:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My eBooks
[2011/08/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/23 14:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Mozilla
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla
[2011/08/23 12:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/23 01:32:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/08/23 01:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/08/23 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\BrowserPlus
[2011/08/23 01:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Yahoo!
[2011/08/23 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/08/23 01:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/08/23 00:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/08/23 00:53:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/23 00:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/23 00:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Adobe
[2011/08/23 00:29:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 00:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Google Chrome
[2011/08/23 00:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Solid State Networks
[2011/08/23 00:17:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\PrivacIE
[2011/08/23 00:16:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\IETldCache
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Videos
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/08/22 23:51:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/08/22 23:50:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/22 23:50:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/08/22 22:46:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Pictures
[2011/08/22 22:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Macromedia
[2011/08/22 22:25:11 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2011/08/22 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Corel Photo Album
[2011/08/22 22:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Corel Photo Album
[2011/08/22 21:55:19 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2011/08/22 21:42:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC7b8f6.rra
[2011/08/22 21:42:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL7b6d3.rra
========== Files - Modified Within 30 Days ==========
[2011/09/13 18:05:04 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/13 18:05:04 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/13 18:00:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/13 18:00:56 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/13 17:31:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/09/13 17:14:53 | 000,050,112 | -HS- | M] () -- C:\WINDOWS\System32\c_12502.nl_
[2011/09/13 13:39:46 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to New Folder (2).lnk
[2011/09/12 22:31:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/09/12 01:00:32 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2011/09/09 18:30:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DENISE-Denise Hayles).job
[2011/09/09 06:17:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 05:36:17 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/06 01:52:47 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 15:48:59 | 000,533,046 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/05 07:08:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/09/05 04:52:32 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/03 18:53:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 01:52:18 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 17:53:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/29 04:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/29 04:43:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/29 04:43:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/29 04:41:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/29 04:39:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/28 04:33:49 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/28 01:35:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/08/27 22:54:58 | 000,003,610 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/27 22:54:57 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/23 14:57:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 12:53:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:39:59 | 000,064,672 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/08/23 00:28:29 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:16:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/22 21:25:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
========== Files Created - No Company Name ==========
[2011/09/13 13:39:46 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to New Folder (2).lnk
[2011/09/09 05:36:17 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/06 01:52:49 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2011/09/06 01:52:47 | 000,000,633 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 07:50:12 | 000,050,112 | -HS- | C] () -- C:\WINDOWS\System32\c_12502.nl_
[2011/09/05 07:25:59 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/05 05:21:47 | 000,533,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/29 04:43:47 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/08/29 04:43:46 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/08/29 04:39:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/29 04:32:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/29 04:32:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/08/28 04:33:49 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/26 21:46:33 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/08/26 21:46:32 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/08/26 21:46:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/08/26 21:45:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/08/23 12:53:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 12:39:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:28:29 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:20:30 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/08/23 00:20:29 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/08/22 23:53:29 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/22 22:00:33 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/22 21:59:34 | 000,003,610 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/22 21:59:34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/22 21:25:57 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2006/08/23 18:54:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\fusioncache.dat
[2006/08/22 22:15:49 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/08/22 22:15:49 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/08/22 21:49:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/08/18 00:59:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 00:52:25 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 00:48:41 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/18 00:46:18 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/18 00:45:02 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/08/18 00:42:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/18 00:19:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/18 00:18:56 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 11:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
========== Custom Scans ==========
< C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\*.* /s >
[2011/09/12 12:46:38 | 000,001,067 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Age3Log.txt
[2011/09/12 13:49:48 | 000,037,712 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\elizabeth.personality
[2011/09/12 13:49:48 | 000,047,308 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\Frederick.personality
[2011/09/12 13:49:05 | 000,051,664 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\henry.personality
[2011/09/12 13:45:59 | 000,051,754 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\Ivan.personality
[2011/09/12 13:40:02 | 000,036,654 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\napoleon.personality
[2011/09/12 13:49:48 | 000,029,552 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\Suleiman.personality
[2011/09/12 13:49:48 | 000,029,594 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\AI\William.personality
[2011/09/12 06:32:11 | 000,133,900 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMAmazonia.dmp.txt
[2011/09/10 08:59:13 | 000,129,293 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMCarolina.dmp.txt
[2011/09/12 12:52:11 | 000,152,095 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMGreat Lakes.dmp.txt
[2011/09/11 09:58:54 | 000,133,428 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMNew England.dmp.txt
[2011/09/12 12:50:34 | 000,125,620 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\RM\Age3RMrockies.dmp.txt
[2011/09/09 18:54:56 | 000,004,748 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Savegame\homecitytutorial.xml
[2011/09/12 13:54:57 | 000,006,086 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Savegame\LastHomeCity.xml
[2011/09/12 13:54:57 | 000,006,086 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Savegame\sp_Seville_homecity.xml
[2011/09/12 12:52:29 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Trigger\trigtemp.xs
[2011/09/12 13:55:04 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Users\LastProfile.dat
[2011/09/12 13:05:18 | 000,179,676 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games\Age of Empires 3\Users\NewProfile.xml
< C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games\*.* /s >
< C:\AOE3\*.* /s >
[2005/04/04 11:40:12 | 000,005,515 | ---- | M] () -- C:\AOE3\0x0409.ini
[2005/08/23 03:52:19 | 000,000,068 | ---- | M] () -- C:\AOE3\Age 3 Survey.url
[2005/09/20 06:27:32 | 001,603,072 | ---- | M] () -- C:\AOE3\Age of Empires III.msi
[2005/09/17 03:51:12 | 000,999,424 | ---- | M] (Microsoft Corporation) -- C:\AOE3\autorun.exe
[2005/08/01 23:44:27 | 000,000,225 | ---- | M] () -- C:\AOE3\Autorun.inf
[2005/10/09 09:03:29 | 000,001,211 | ---- | M] () -- C:\AOE3\CD-Key.txt
[2005/09/20 06:23:50 | 485,227,924 | ---- | M] () -- C:\AOE3\Disk1C~1.cab
[2005/09/20 06:25:31 | 586,589,686 | ---- | M] () -- C:\AOE3\Disk2C~1.cab
[2005/09/20 06:26:45 | 567,956,835 | ---- | M] () -- C:\AOE3\Disk3C~1.cab
[2005/04/04 11:35:38 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\AOE3\instmsia.exe
[2005/04/04 11:35:38 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\AOE3\instmsiw.exe
[2005/04/04 15:07:28 | 000,982,016 | ---- | M] () -- C:\AOE3\ISScript11.Msi
[2005/08/23 07:20:19 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\AOE3\mgspid.dll
[2005/08/20 09:48:17 | 000,039,424 | ---- | M] () -- C:\AOE3\PidGen.dll
[2005/09/20 11:51:02 | 000,046,598 | ---- | M] () -- C:\AOE3\Readme.rtf
[2005/09/20 06:04:52 | 000,253,952 | ---- | M] (Microsoft Game Studios ) -- C:\AOE3\setup.exe
[2005/09/20 06:26:55 | 000,002,127 | ---- | M] () -- C:\AOE3\Setup.ini
[2005/08/30 23:28:54 | 001,298,296 | ---- | M] () -- C:\AOE3\setup.isn
[2005/07/29 05:19:54 | 000,033,792 | ---- | M] () -- C:\AOE3\SetupENU.dll
[2003/06/18 04:22:24 | 000,028,097 | ---- | M] () -- C:\AOE3\setupInc.idx
[2003/08/05 12:46:18 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\AOE3\splash.exe
[2005/09/17 09:31:38 | 000,921,656 | ---- | M] () -- C:\AOE3\splashimage.bmp
[2005/08/13 00:48:36 | 000,040,960 | ---- | M] () -- C:\AOE3\SSE.dll
[2002/11/20 01:38:08 | 000,004,000 | ---- | M] () -- C:\AOE3\SSIFSDAT.SYS
[2005/04/14 02:19:06 | 002,587,408 | ---- | M] (Microsoft Corporation) -- C:\AOE3\WindowsInstaller-KB893803-x86.exe
[2 C:\AOE3\*.tmp files -> C:\AOE3\*.tmp -> ]
[2005/09/20 06:53:45 | 008,571,392 | ---- | M] (Ensemble Studios) -- C:\AOE3\Age of Empires III\age3.exe
[2005/09/20 03:28:38 | 000,835,584 | ---- | M] () -- C:\AOE3\Age of Empires III\autopatcher.exe
[2005/09/20 03:30:24 | 000,330,312 | ---- | M] () -- C:\AOE3\Age of Empires III\eula.rtf
[2005/09/20 03:28:42 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\AOE3\Age of Empires III\mgspid.dll
[2005/09/20 11:51:02 | 000,046,598 | ---- | M] () -- C:\AOE3\Age of Empires III\Readme.rtf
[2005/09/20 03:32:20 | 002,460,760 | ---- | M] () -- C:\AOE3\Age of Empires III\data\stringtable.xml
[2005/09/20 03:33:06 | 000,406,480 | ---- | M] () -- C:\AOE3\Age of Empires III\data\stringtable.xml.xmb
[2005/09/17 08:14:00 | 005,381,624 | ---- | M] () -- C:\AOE3\Age of Empires III\History Channel Trailers\DiggingForTheTruth.wmv
[2005/10/08 21:26:51 | 009,859,072 | ---- | M] (Ensemble Studios) -- C:\AOE3\Crack\age3.exe
[2005/03/19 09:40:19 | 001,348,242 | ---- | M] () -- C:\AOE3\directx9\Apr2005_d3dx9_25_x64.cab
[2005/03/19 09:40:19 | 001,079,850 | ---- | M] () -- C:\AOE3\directx9\Apr2005_d3dx9_25_x86.cab
[2005/03/19 09:40:19 | 000,911,188 | ---- | M] () -- C:\AOE3\directx9\Apr2005_MDX_x86.cab
[2004/09/28 03:29:45 | 000,703,080 | ---- | M] () -- C:\AOE3\directx9\BDA.cab
[2004/09/28 03:29:45 | 001,156,363 | ---- | M] () -- C:\AOE3\directx9\BDANT.cab
[2004/09/28 03:29:45 | 000,976,020 | ---- | M] () -- C:\AOE3\directx9\BDAXP.cab
[2004/09/28 03:29:47 | 015,493,481 | ---- | M] () -- C:\AOE3\directx9\DirectX.cab
[2005/05/27 06:33:36 | 000,075,472 | ---- | M] (Microsoft Corporation) -- C:\AOE3\directx9\DSETUP.dll
[2005/05/27 06:34:51 | 002,245,840 | ---- | M] (Microsoft Corporation) -- C:\AOE3\directx9\dsetup32.dll
[2004/09/28 03:29:50 | 013,265,040 | ---- | M] () -- C:\AOE3\directx9\dxnt.cab
[2005/05/27 06:34:41 | 000,482,000 | ---- | M] (Microsoft Corporation) -- C:\AOE3\directx9\DXSETUP.exe
[2005/05/27 06:35:19 | 000,067,440 | ---- | M] () -- C:\AOE3\directx9\dxupdate.cab
[2005/05/27 06:49:28 | 001,336,890 | ---- | M] () -- C:\AOE3\directx9\Jun2005_d3dx9_26_x64.cab
[2005/05/27 06:49:28 | 001,065,813 | ---- | M] () -- C:\AOE3\directx9\Jun2005_d3dx9_26_x86.cab
[2005/05/27 06:49:28 | 000,916,000 | ---- | M] () -- C:\AOE3\directx9\Jun2005_MDX_x86.cab
[2005/09/20 03:35:00 | 006,327,529 | ---- | M] () -- C:\AOE3\docs\AGE3_Manual_Dansk.pdf
[2005/09/20 03:35:00 | 006,278,599 | ---- | M] () -- C:\AOE3\docs\AGE3_Manual_Norsk.pdf
[2005/09/20 03:35:02 | 006,279,233 | ---- | M] () -- C:\AOE3\docs\AGE3_Manual_Suomi.pdf
[2005/09/20 03:35:02 | 006,241,436 | ---- | M] () -- C:\AOE3\docs\AGE3_Manual_Svensk.pdf
[2005/09/20 03:35:04 | 009,272,265 | ---- | M] () -- C:\AOE3\docs\AGE3_QRC_ Dansk.pdf
[2005/09/20 03:35:06 | 009,270,254 | ---- | M] () -- C:\AOE3\docs\AGE3_QRC_ Norsk.pdf
[2005/09/20 03:35:08 | 009,266,341 | ---- | M] () -- C:\AOE3\docs\AGE3_QRC_ Suomi.pdf
[2005/09/20 03:35:08 | 009,184,035 | ---- | M] () -- C:\AOE3\docs\AGE3_QRC_ Svensk.pdf
[2005/09/20 03:35:10 | 003,756,868 | ---- | M] () -- C:\AOE3\docs\AOEIIIStandard_Manual_NA.pdf
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Edited by MacBoznyII, 13 September 2011 - 05:08 PM.
#10
Posted 13 September 2011 - 05:09 PM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
OTL Extras logfile created on: 9/13/2011 6:05:33 PM - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 491.13 Mb Available Physical Memory | 48.43% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 31.46 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.31 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
Computer Name: MALCOLM | User Name: Malcolm Hayles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Ralink\Common\ApUI.exe" = C:\Program Files\Ralink\Common\ApUI.exe:*:Enabled:Ralink Wireless Access Point Utility -- (Ralink Technology, Corp.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\sdsetup_revwire207.exe" = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\sdsetup_revwire207.exe:*:Enabled:PC Tools Installer -- ()
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-OQ0UB.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-OQ0UB.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-880AM.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-880AM.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Program Files\PC Tools Security\Update.exe" = C:\Program Files\PC Tools Security\Update.exe:*:Enabled:PC Tools Smart Update
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java™ Update Checker -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe:*:Enabled:Java™ Platform SE binary
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Dell Support\DSAgnt.exe" = C:\Program Files\Dell Support\DSAgnt.exe:*:Enabled:Dell Support -- (Gteko Ltd.)
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\_iu14D2N.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\_iu14D2N.tmp:*:Enabled:Setup/Uninstall
"C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\sdsetup_revwire207(1).exe" = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\sdsetup_revwire207(1).exe:*:Enabled:PC Tools Installer -- ()
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-F905Q.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-F905Q.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Program Files\RegCure\RegCure.exe" = C:\Program Files\RegCure\RegCure.exe:*:Enabled:RegCure Application
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-2MVIO.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-2MVIO.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\tdsskiller\TDSSKiller.exe" = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\tdsskiller\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool -- (Kaspersky Lab ZAO)
"C:\Documents and Settings\Malcolm Hayles\Desktop\sdsetup_revwire207.exe" = C:\Documents and Settings\Malcolm Hayles\Desktop\sdsetup_revwire207.exe:*:Enabled:PC Tools Installer
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-5I1O1.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-5I1O1.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe" = C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe:*:Enabled:ArcadeClient -- (WildTangent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 26
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2C927BC2-D402-4781-97BD-920E415847A2}" = 6200Trb
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5B8B3C61-BDF7-4882-807E-A30AF1A64A9C}" = 6200
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F8CA8A19-48E5-4510-BD5C-B148862D8439}" = 6200_Help
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul
"9F39BA0E-2F06-4D9E-8290-EB4238696479" = AstroPop Deluxe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"C2D8F0E2-6978-4409-8351-BA8785DA11EE" = FATE
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DivX Setup" = DivX Setup
"FLV Player2.0.25" = FLV Player
"Google Desktop" = Google Desktop
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"LimeWire" = LimeWire 5.6.2
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT025760" = FATE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/5/2011 6:05:39 AM | Computer Name = MALCOLM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.1.4259, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/6/2011 2:59:56 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x10002b60.
Error - 9/6/2011 3:17:33 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x10002b60.
Error - 9/9/2011 8:02:48 PM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x0020fbd7.
Error - 9/12/2011 3:40:04 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application aswmbr.exe, version 0.9.8.986, faulting module
aswmbr.exe, version 0.9.8.986, fault address 0x000045b1.
Error - 9/12/2011 3:40:26 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1001
Description = Fault bucket -1690601130.
Error - 9/13/2011 7:53:52 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application prism3d.exe, version 1.0.0.1, faulting module
p3core.dll, version 0.0.0.0, fault address 0x0004201e.
Error - 9/13/2011 7:54:36 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application prism3d.exe, version 1.0.0.1, faulting module
p3core.dll, version 0.0.0.0, fault address 0x0004201e.
Error - 9/13/2011 7:58:33 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application prism3d.exe, version 1.0.0.1, faulting module
p3core.dll, version 0.0.0.0, fault address 0x0004201e.
Error - 9/13/2011 6:54:34 PM | Computer Name = MALCOLM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 9/13/2011 6:40:03 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7031
Description = The WSWNDA3100 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error - 9/13/2011 6:52:31 PM | Computer Name = MALCOLM | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.
Error - 9/13/2011 6:53:10 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2
Error - 9/13/2011 6:53:10 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7000
Description = The Ralink Registry Writer service failed to start due to the following
error: %%2
Error - 9/13/2011 6:53:10 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 9/13/2011 6:54:38 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 9/13/2011 6:57:39 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).
Error - 9/13/2011 6:58:49 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7031
Description = The WSWNDA3100 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error - 9/13/2011 7:01:03 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2
Error - 9/13/2011 7:01:03 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7000
Description = The Ralink Registry Writer service failed to start due to the following
error: %%2
< End of report >
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 491.13 Mb Available Physical Memory | 48.43% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 31.46 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.31 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
Computer Name: MALCOLM | User Name: Malcolm Hayles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Ralink\Common\ApUI.exe" = C:\Program Files\Ralink\Common\ApUI.exe:*:Enabled:Ralink Wireless Access Point Utility -- (Ralink Technology, Corp.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\sdsetup_revwire207.exe" = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\sdsetup_revwire207.exe:*:Enabled:PC Tools Installer -- ()
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-OQ0UB.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-OQ0UB.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-880AM.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-880AM.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Program Files\PC Tools Security\Update.exe" = C:\Program Files\PC Tools Security\Update.exe:*:Enabled:PC Tools Smart Update
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java™ Update Checker -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe:*:Enabled:Java™ Platform SE binary
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Dell Support\DSAgnt.exe" = C:\Program Files\Dell Support\DSAgnt.exe:*:Enabled:Dell Support -- (Gteko Ltd.)
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\_iu14D2N.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\_iu14D2N.tmp:*:Enabled:Setup/Uninstall
"C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\sdsetup_revwire207(1).exe" = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\sdsetup_revwire207(1).exe:*:Enabled:PC Tools Installer -- ()
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-F905Q.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-F905Q.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Program Files\RegCure\RegCure.exe" = C:\Program Files\RegCure\RegCure.exe:*:Enabled:RegCure Application
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-2MVIO.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-2MVIO.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\tdsskiller\TDSSKiller.exe" = C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\tdsskiller\TDSSKiller.exe:*:Enabled:TDSS rootkit removing tool -- (Kaspersky Lab ZAO)
"C:\Documents and Settings\Malcolm Hayles\Desktop\sdsetup_revwire207.exe" = C:\Documents and Settings\Malcolm Hayles\Desktop\sdsetup_revwire207.exe:*:Enabled:PC Tools Installer
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-5I1O1.tmp\sdsetup_revwire207_en_aff_dl.tmp" = C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-5I1O1.tmp\sdsetup_revwire207_en_aff_dl.tmp:*:Enabled:Setup/Uninstall
"C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe" = C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe:*:Enabled:ArcadeClient -- (WildTangent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}" = 725plc32
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 26
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2C927BC2-D402-4781-97BD-920E415847A2}" = 6200Trb
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5B8B3C61-BDF7-4882-807E-A30AF1A64A9C}" = 6200
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F8CA8A19-48E5-4510-BD5C-B148862D8439}" = 6200_Help
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul
"9F39BA0E-2F06-4D9E-8290-EB4238696479" = AstroPop Deluxe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"C2D8F0E2-6978-4409-8351-BA8785DA11EE" = FATE
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DivX Setup" = DivX Setup
"FLV Player2.0.25" = FLV Player
"Google Desktop" = Google Desktop
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"LimeWire" = LimeWire 5.6.2
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT025760" = FATE
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/5/2011 6:05:39 AM | Computer Name = MALCOLM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.1.4259, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/6/2011 2:59:56 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x10002b60.
Error - 9/6/2011 3:17:33 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x10002b60.
Error - 9/9/2011 8:02:48 PM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x0020fbd7.
Error - 9/12/2011 3:40:04 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application aswmbr.exe, version 0.9.8.986, faulting module
aswmbr.exe, version 0.9.8.986, fault address 0x000045b1.
Error - 9/12/2011 3:40:26 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1001
Description = Fault bucket -1690601130.
Error - 9/13/2011 7:53:52 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application prism3d.exe, version 1.0.0.1, faulting module
p3core.dll, version 0.0.0.0, fault address 0x0004201e.
Error - 9/13/2011 7:54:36 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application prism3d.exe, version 1.0.0.1, faulting module
p3core.dll, version 0.0.0.0, fault address 0x0004201e.
Error - 9/13/2011 7:58:33 AM | Computer Name = MALCOLM | Source = Application Error | ID = 1000
Description = Faulting application prism3d.exe, version 1.0.0.1, faulting module
p3core.dll, version 0.0.0.0, fault address 0x0004201e.
Error - 9/13/2011 6:54:34 PM | Computer Name = MALCOLM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 9/13/2011 6:40:03 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7031
Description = The WSWNDA3100 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error - 9/13/2011 6:52:31 PM | Computer Name = MALCOLM | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.
Error - 9/13/2011 6:53:10 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2
Error - 9/13/2011 6:53:10 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7000
Description = The Ralink Registry Writer service failed to start due to the following
error: %%2
Error - 9/13/2011 6:53:10 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 9/13/2011 6:54:38 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 9/13/2011 6:57:39 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).
Error - 9/13/2011 6:58:49 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7031
Description = The WSWNDA3100 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error - 9/13/2011 7:01:03 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2
Error - 9/13/2011 7:01:03 PM | Computer Name = MALCOLM | Source = Service Control Manager | ID = 7000
Description = The Ralink Registry Writer service failed to start due to the following
error: %%2
< End of report >
#11
Posted 14 September 2011 - 05:34 AM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
ComboFix 11-09-13.04 - Malcolm Hayles 09/13/2011 20:01:06.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.763 [GMT -5:00]
Running from: c:\documents and settings\Malcolm Hayles\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.390a8e3e.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\DMX.exe.d0259252.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b72c2a1d.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\UIMain.exe.f56a6b1b.ini.inuse
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.fa39d519.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\windows\$NtUninstallKB22540$
c:\windows\$NtUninstallKB22540$\176809637
c:\windows\$NtUninstallKB22540$\2503946956\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB22540$\2503946956\click.tlb
c:\windows\$NtUninstallKB22540$\2503946956\L\odetmngk
c:\windows\$NtUninstallKB22540$\2503946956\loader.tlb
c:\windows\$NtUninstallKB22540$\2503946956\U\@00000001
c:\windows\$NtUninstallKB22540$\2503946956\U\@000000c0
c:\windows\$NtUninstallKB22540$\2503946956\U\@000000cb
c:\windows\$NtUninstallKB22540$\2503946956\U\@000000cf
c:\windows\$NtUninstallKB22540$\2503946956\U\@80000000
c:\windows\$NtUninstallKB22540$\2503946956\U\@800000c0
c:\windows\$NtUninstallKB22540$\2503946956\U\@800000cb
c:\windows\$NtUninstallKB22540$\2503946956\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
Infected copy of c:\windows\system32\msiexec.exe was found and disinfected
Restored copy from - c:\i386\msiexec.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_953f32cc
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-09-13 22:40 . 2011-09-13 22:40 -------- d-----w- C:\_OTL
2011-09-13 11:40 . 2011-09-13 11:40 -------- d-----w- c:\windows\FLV Player
2011-09-13 11:40 . 2011-09-13 11:40 -------- d-----w- c:\program files\FLV Player
2011-09-12 06:00 . 2011-09-12 06:00 -------- d-----w- c:\program files\WildTangent Games
2011-09-09 23:41 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-09-09 23:36 . 2011-09-09 23:36 -------- d-----w- c:\program files\Microsoft Games
2011-09-09 23:30 . 2011-09-09 23:33 -------- d-----w- C:\AOE3
2011-09-09 11:16 . 2011-09-09 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-09-09 10:34 . 2011-09-13 09:26 -------- d-----w- c:\program files\18 Wheels of Steel American Long Haul
2011-09-09 10:26 . 2011-09-09 10:26 -------- d-----w- C:\Downloads
2011-09-09 07:36 . 2011-09-09 07:36 -------- d-----w- c:\program files\WildGames
2011-09-06 07:03 . 2011-09-06 07:03 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\WildTangent
2011-09-06 06:52 . 2009-05-05 17:00 632576 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
2011-09-06 06:52 . 2011-09-06 06:52 -------- d-----w- c:\program files\NETGEAR
2011-09-06 06:52 . 2011-09-06 06:52 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\InstallShield
2011-09-05 13:10 . 2011-09-06 06:48 -------- d-----w- c:\program files\PC Tools Security
2011-09-05 13:10 . 2011-09-06 06:48 -------- d-----w- c:\program files\Common Files\PC Tools
2011-09-05 12:50 . 2011-09-13 22:14 50112 --sha-w- c:\windows\system32\c_12502.nl_
2011-09-05 12:30 . 2011-09-05 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2011-09-05 12:24 . 2011-09-05 12:24 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\Malwarebytes
2011-09-05 12:24 . 2011-09-06 06:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-09-05 12:23 . 2011-09-05 12:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-09-05 12:23 . 2011-09-05 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-09-05 12:23 . 2011-09-05 12:23 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Apple
2011-09-05 12:23 . 2011-09-05 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-09-05 12:21 . 2011-09-05 12:21 -------- d-----w- c:\documents and settings\Denise Hayles\Application Data\AVG10
2011-09-05 11:59 . 2011-09-13 23:10 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\U3
2011-09-05 11:43 . 2011-09-05 12:25 -------- d-----w- c:\documents and settings\Administrator
2011-09-05 10:59 . 2011-05-04 09:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-05 10:43 . 2011-09-05 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-05 10:17 . 2011-09-06 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-09-01 06:47 . 2011-09-05 12:24 -------- d-----w- c:\program files\VirtualDJ
2011-08-31 08:23 . 2011-09-05 12:24 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\DivX
2011-08-31 08:22 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-08-31 08:22 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-08-31 08:22 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2011-08-31 08:16 . 2011-09-05 12:24 -------- d-----w- c:\program files\DivX
2011-08-31 08:15 . 2011-09-05 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-08-29 09:47 . 2011-08-29 10:04 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\Apple Computer
2011-08-29 09:42 . 2011-09-05 12:23 -------- d-----w- c:\program files\Windows Media Connect 2
2011-08-29 09:39 . 2011-09-05 12:23 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-08-29 09:35 . 2011-08-29 09:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-29 09:34 . 2011-09-05 12:23 -------- d-----w- c:\program files\QuickTime
2011-08-29 09:33 . 2011-08-29 09:33 -------- d-----w- c:\program files\Common Files\Apple
2011-08-29 09:32 . 2011-09-05 12:23 -------- d-----w- c:\program files\Apple Software Update
2011-08-29 09:32 . 2011-08-29 09:32 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Apple Computer
2011-08-29 09:20 . 2004-08-04 09:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-08-28 20:32 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-08-28 20:32 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-08-28 05:39 . 2011-09-10 00:06 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\LimeWire
2011-08-28 05:37 . 2011-05-04 07:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-28 05:35 . 2011-09-05 12:22 -------- d-----w- c:\program files\LimeWire
2011-08-27 07:51 . 2011-09-05 12:22 -------- d-----w- c:\documents and settings\Guest
2011-08-27 02:46 . 2009-12-10 16:16 796032 ----a-w- c:\windows\system32\Scutum.dll
2011-08-27 02:46 . 2009-12-10 16:16 200704 ----a-w- c:\windows\system32\ssleay32.dll
2011-08-27 02:46 . 2009-12-10 16:16 180224 ----a-w- c:\windows\system32\W32N55.dll
2011-08-27 02:46 . 2009-12-10 16:16 1085440 ----a-w- c:\windows\system32\libeay32.dll
2011-08-27 02:46 . 2009-12-10 16:15 152968 ----a-w- c:\windows\system32\RalinkGina.dll
2011-08-27 02:46 . 2009-12-10 16:16 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2011-08-27 02:46 . 2009-12-10 16:16 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2011-08-27 02:46 . 2011-08-27 02:46 -------- d-----w- c:\program files\Ralink
2011-08-27 02:46 . 2009-03-04 22:30 709248 ----a-w- c:\windows\system32\drivers\rt2870.sys
2011-08-27 02:46 . 2009-03-04 22:23 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2011-08-27 02:45 . 2011-08-27 02:45 -------- dc----w- c:\windows\system32\DRVSTORE
2011-08-27 02:45 . 2011-08-27 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2011-08-25 05:16 . 2011-08-25 05:16 -------- d-sh--w- c:\documents and settings\Denise Hayles\PrivacIE
2011-08-25 05:14 . 2011-08-25 05:14 -------- d-sh--w- c:\documents and settings\Denise Hayles\IETldCache
2011-08-25 03:06 . 2011-08-25 03:06 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Adobe
2011-08-25 03:04 . 2011-08-25 03:04 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-23 17:51 . 2011-08-23 17:51 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Mozilla
2011-08-23 06:32 . 2011-09-13 22:27 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-23 06:32 . 2011-08-23 06:32 -------- d-----w- c:\program files\AVG
2011-08-23 06:15 . 2011-08-23 06:15 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!
2011-08-23 06:14 . 2011-08-23 17:14 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\Yahoo!
2011-08-23 06:14 . 2011-08-23 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-08-23 06:11 . 2011-08-23 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-08-23 05:58 . 2011-08-23 06:15 -------- d-----w- c:\program files\Yahoo!
2011-08-23 05:53 . 2011-08-23 05:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-23 05:52 . 2011-09-13 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-23 05:29 . 2011-08-23 19:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-23 05:27 . 2011-08-23 05:38 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Solid State Networks
2011-08-23 05:18 . 2011-08-23 05:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-23 05:17 . 2011-08-23 05:17 -------- d-sh--w- c:\documents and settings\Malcolm Hayles\PrivacIE
2011-08-23 05:16 . 2011-08-23 05:16 -------- d-sh--w- c:\documents and settings\Malcolm Hayles\IETldCache
2011-08-23 04:50 . 2011-08-23 04:51 -------- dc-h--w- c:\windows\ie8
2011-08-23 03:25 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2011-08-23 03:00 . 2011-08-23 03:00 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\Corel Photo Album
2011-08-23 03:00 . 2011-08-23 03:00 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Corel Photo Album
2011-08-23 02:59 . 2011-08-28 03:54 3610 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-08-23 02:59 . 2011-08-28 03:54 88 --sh--r- c:\windows\system32\85F75C239B.sys
2011-08-23 02:55 . 2004-08-04 03:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-08-23 02:42 . 2006-10-12 20:28 1060864 ----a-w- c:\windows\system32\MFC7b8f6.rra
2011-08-23 02:42 . 2006-10-12 20:28 89088 ----a-w- c:\windows\system32\ATL7b6d3.rra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-10 00:11 . 2004-08-10 16:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-05 21:12 . 2004-08-10 16:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-05 12:49 . 2004-08-10 16:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-12 05:40 . 2011-08-23 17:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-9-6 3280896]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WNDA3100v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Malcolm Hayles^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Malcolm Hayles\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 09:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 06:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 09:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-08-18 05:53 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-23 05:20 136176 ----atw- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 00:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 00:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 00:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 14:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 14:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 12:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 20:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Malcolm Hayles\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Ralink\\Common\\ApUI.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Malcolm Hayles\\My Documents\\Downloads\\sdsetup_revwire207.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Dell Support\\DSAgnt.exe"=
"c:\\Documents and Settings\\Malcolm Hayles\\My Documents\\Downloads\\sdsetup_revwire207(1).exe"=
"c:\\Documents and Settings\\Malcolm Hayles\\My Documents\\Downloads\\tdsskiller\\TDSSKiller.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
.
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [8/26/2011 9:46 PM 19072]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [9/6/2011 1:52 AM 632576]
S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [9/6/2011 1:52 AM 278528]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 12:59 PM 206072]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 05:20]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 05:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Malcolm Hayles\Application Data\Mozilla\Firefox\Profiles\stmqttsf.default\
FF - prefs.js: browser.startup.homepage - speedhunters.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ISTray - c:\program files\PC Tools Security\pctsGui.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 20:08
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(680)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-13 20:11:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-14 01:11
.
Pre-Run: 33,654,853,632 bytes free
Post-Run: 33,549,914,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E9ED0C2E032A032BC10860CF955A151D
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.763 [GMT -5:00]
Running from: c:\documents and settings\Malcolm Hayles\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.390a8e3e.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\DMX.exe.d0259252.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\Launcher.exe.b72c2a1d.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\documents and settings\Denise Hayles\Local Settings\Application Data\ApplicationHistory\UIMain.exe.f56a6b1b.ini.inuse
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\AddProductToDMX.exe.fa39d519.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.50eb7ce1.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\htmlEdit.exe.27a5b164.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.1824c240.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini
c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini
c:\windows\$NtUninstallKB22540$
c:\windows\$NtUninstallKB22540$\176809637
c:\windows\$NtUninstallKB22540$\2503946956\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB22540$\2503946956\click.tlb
c:\windows\$NtUninstallKB22540$\2503946956\L\odetmngk
c:\windows\$NtUninstallKB22540$\2503946956\loader.tlb
c:\windows\$NtUninstallKB22540$\2503946956\U\@00000001
c:\windows\$NtUninstallKB22540$\2503946956\U\@000000c0
c:\windows\$NtUninstallKB22540$\2503946956\U\@000000cb
c:\windows\$NtUninstallKB22540$\2503946956\U\@000000cf
c:\windows\$NtUninstallKB22540$\2503946956\U\@80000000
c:\windows\$NtUninstallKB22540$\2503946956\U\@800000c0
c:\windows\$NtUninstallKB22540$\2503946956\U\@800000cb
c:\windows\$NtUninstallKB22540$\2503946956\U\@800000cf
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
Infected copy of c:\windows\system32\msiexec.exe was found and disinfected
Restored copy from - c:\i386\msiexec.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_953f32cc
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-09-13 22:40 . 2011-09-13 22:40 -------- d-----w- C:\_OTL
2011-09-13 11:40 . 2011-09-13 11:40 -------- d-----w- c:\windows\FLV Player
2011-09-13 11:40 . 2011-09-13 11:40 -------- d-----w- c:\program files\FLV Player
2011-09-12 06:00 . 2011-09-12 06:00 -------- d-----w- c:\program files\WildTangent Games
2011-09-09 23:41 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-09-09 23:36 . 2011-09-09 23:36 -------- d-----w- c:\program files\Microsoft Games
2011-09-09 23:30 . 2011-09-09 23:33 -------- d-----w- C:\AOE3
2011-09-09 11:16 . 2011-09-09 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-09-09 10:34 . 2011-09-13 09:26 -------- d-----w- c:\program files\18 Wheels of Steel American Long Haul
2011-09-09 10:26 . 2011-09-09 10:26 -------- d-----w- C:\Downloads
2011-09-09 07:36 . 2011-09-09 07:36 -------- d-----w- c:\program files\WildGames
2011-09-06 07:03 . 2011-09-06 07:03 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\WildTangent
2011-09-06 06:52 . 2009-05-05 17:00 632576 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys
2011-09-06 06:52 . 2011-09-06 06:52 -------- d-----w- c:\program files\NETGEAR
2011-09-06 06:52 . 2011-09-06 06:52 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\InstallShield
2011-09-05 13:10 . 2011-09-06 06:48 -------- d-----w- c:\program files\PC Tools Security
2011-09-05 13:10 . 2011-09-06 06:48 -------- d-----w- c:\program files\Common Files\PC Tools
2011-09-05 12:50 . 2011-09-13 22:14 50112 --sha-w- c:\windows\system32\c_12502.nl_
2011-09-05 12:30 . 2011-09-05 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2011-09-05 12:24 . 2011-09-05 12:24 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\Malwarebytes
2011-09-05 12:24 . 2011-09-06 06:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-09-05 12:23 . 2011-09-05 12:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-09-05 12:23 . 2011-09-05 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-09-05 12:23 . 2011-09-05 12:23 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Apple
2011-09-05 12:23 . 2011-09-05 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-09-05 12:21 . 2011-09-05 12:21 -------- d-----w- c:\documents and settings\Denise Hayles\Application Data\AVG10
2011-09-05 11:59 . 2011-09-13 23:10 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\U3
2011-09-05 11:43 . 2011-09-05 12:25 -------- d-----w- c:\documents and settings\Administrator
2011-09-05 10:59 . 2011-05-04 09:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-05 10:43 . 2011-09-05 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-05 10:17 . 2011-09-06 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-09-01 06:47 . 2011-09-05 12:24 -------- d-----w- c:\program files\VirtualDJ
2011-08-31 08:23 . 2011-09-05 12:24 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\DivX
2011-08-31 08:22 . 2010-07-12 18:36 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-08-31 08:22 . 2010-07-12 18:36 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-08-31 08:22 . 2010-07-12 18:36 133616 ------w- c:\windows\system32\pxafs.dll
2011-08-31 08:16 . 2011-09-05 12:24 -------- d-----w- c:\program files\DivX
2011-08-31 08:15 . 2011-09-05 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-08-29 09:47 . 2011-08-29 10:04 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\Apple Computer
2011-08-29 09:42 . 2011-09-05 12:23 -------- d-----w- c:\program files\Windows Media Connect 2
2011-08-29 09:39 . 2011-09-05 12:23 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-08-29 09:35 . 2011-08-29 09:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-29 09:34 . 2011-09-05 12:23 -------- d-----w- c:\program files\QuickTime
2011-08-29 09:33 . 2011-08-29 09:33 -------- d-----w- c:\program files\Common Files\Apple
2011-08-29 09:32 . 2011-09-05 12:23 -------- d-----w- c:\program files\Apple Software Update
2011-08-29 09:32 . 2011-08-29 09:32 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Apple Computer
2011-08-29 09:20 . 2004-08-04 09:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-08-28 20:32 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-08-28 20:32 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-08-28 05:39 . 2011-09-10 00:06 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\LimeWire
2011-08-28 05:37 . 2011-05-04 07:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-28 05:35 . 2011-09-05 12:22 -------- d-----w- c:\program files\LimeWire
2011-08-27 07:51 . 2011-09-05 12:22 -------- d-----w- c:\documents and settings\Guest
2011-08-27 02:46 . 2009-12-10 16:16 796032 ----a-w- c:\windows\system32\Scutum.dll
2011-08-27 02:46 . 2009-12-10 16:16 200704 ----a-w- c:\windows\system32\ssleay32.dll
2011-08-27 02:46 . 2009-12-10 16:16 180224 ----a-w- c:\windows\system32\W32N55.dll
2011-08-27 02:46 . 2009-12-10 16:16 1085440 ----a-w- c:\windows\system32\libeay32.dll
2011-08-27 02:46 . 2009-12-10 16:15 152968 ----a-w- c:\windows\system32\RalinkGina.dll
2011-08-27 02:46 . 2009-12-10 16:16 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2011-08-27 02:46 . 2009-12-10 16:16 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2011-08-27 02:46 . 2011-08-27 02:46 -------- d-----w- c:\program files\Ralink
2011-08-27 02:46 . 2009-03-04 22:30 709248 ----a-w- c:\windows\system32\drivers\rt2870.sys
2011-08-27 02:46 . 2009-03-04 22:23 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2011-08-27 02:45 . 2011-08-27 02:45 -------- dc----w- c:\windows\system32\DRVSTORE
2011-08-27 02:45 . 2011-08-27 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2011-08-25 05:16 . 2011-08-25 05:16 -------- d-sh--w- c:\documents and settings\Denise Hayles\PrivacIE
2011-08-25 05:14 . 2011-08-25 05:14 -------- d-sh--w- c:\documents and settings\Denise Hayles\IETldCache
2011-08-25 03:06 . 2011-08-25 03:06 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Adobe
2011-08-25 03:04 . 2011-08-25 03:04 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-23 17:51 . 2011-08-23 17:51 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Mozilla
2011-08-23 06:32 . 2011-09-13 22:27 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-23 06:32 . 2011-08-23 06:32 -------- d-----w- c:\program files\AVG
2011-08-23 06:15 . 2011-08-23 06:15 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!
2011-08-23 06:14 . 2011-08-23 17:14 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\Yahoo!
2011-08-23 06:14 . 2011-08-23 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-08-23 06:11 . 2011-08-23 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-08-23 05:58 . 2011-08-23 06:15 -------- d-----w- c:\program files\Yahoo!
2011-08-23 05:53 . 2011-08-23 05:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-08-23 05:52 . 2011-09-13 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-23 05:29 . 2011-08-23 19:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-23 05:27 . 2011-08-23 05:38 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Solid State Networks
2011-08-23 05:18 . 2011-08-23 05:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-08-23 05:17 . 2011-08-23 05:17 -------- d-sh--w- c:\documents and settings\Malcolm Hayles\PrivacIE
2011-08-23 05:16 . 2011-08-23 05:16 -------- d-sh--w- c:\documents and settings\Malcolm Hayles\IETldCache
2011-08-23 04:50 . 2011-08-23 04:51 -------- dc-h--w- c:\windows\ie8
2011-08-23 03:25 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2011-08-23 03:00 . 2011-08-23 03:00 -------- d-----w- c:\documents and settings\Malcolm Hayles\Application Data\Corel Photo Album
2011-08-23 03:00 . 2011-08-23 03:00 -------- d-----w- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Corel Photo Album
2011-08-23 02:59 . 2011-08-28 03:54 3610 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-08-23 02:59 . 2011-08-28 03:54 88 --sh--r- c:\windows\system32\85F75C239B.sys
2011-08-23 02:55 . 2004-08-04 03:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2011-08-23 02:42 . 2006-10-12 20:28 1060864 ----a-w- c:\windows\system32\MFC7b8f6.rra
2011-08-23 02:42 . 2006-10-12 20:28 89088 ----a-w- c:\windows\system32\ATL7b6d3.rra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-10 00:11 . 2004-08-10 16:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-05 21:12 . 2004-08-10 16:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-05 12:49 . 2004-08-10 16:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-12 05:40 . 2011-08-23 17:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-9-6 3280896]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WNDA3100v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Malcolm Hayles^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Malcolm Hayles\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 09:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 06:04 332800 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 09:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 07:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-08-18 05:53 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-23 05:20 136176 ----atw- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-15 00:46 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 00:50 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 00:49 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 14:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 14:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 12:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 20:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Malcolm Hayles\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Ralink\\Common\\ApUI.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Malcolm Hayles\\My Documents\\Downloads\\sdsetup_revwire207.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Dell Support\\DSAgnt.exe"=
"c:\\Documents and Settings\\Malcolm Hayles\\My Documents\\Downloads\\sdsetup_revwire207(1).exe"=
"c:\\Documents and Settings\\Malcolm Hayles\\My Documents\\Downloads\\tdsskiller\\TDSSKiller.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
.
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [8/26/2011 9:46 PM 19072]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [9/6/2011 1:52 AM 632576]
S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [9/6/2011 1:52 AM 278528]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 12:59 PM 206072]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 05:20]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
- c:\documents and settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-23 05:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Malcolm Hayles\Application Data\Mozilla\Firefox\Profiles\stmqttsf.default\
FF - prefs.js: browser.startup.homepage - speedhunters.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ISTray - c:\program files\PC Tools Security\pctsGui.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 20:08
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(680)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-13 20:11:31 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-14 01:11
.
Pre-Run: 33,654,853,632 bytes free
Post-Run: 33,549,914,112 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E9ED0C2E032A032BC10860CF955A151D
#12
Posted 14 September 2011 - 05:36 AM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
2011/09/14 06:35:06.0343 3408 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/14 06:35:06.0609 3408 ================================================================================
2011/09/14 06:35:06.0609 3408 SystemInfo:
2011/09/14 06:35:06.0609 3408
2011/09/14 06:35:06.0609 3408 OS Version: 5.1.2600 ServicePack: 2.0
2011/09/14 06:35:06.0609 3408 Product type: Workstation
2011/09/14 06:35:06.0609 3408 ComputerName: MALCOLM
2011/09/14 06:35:06.0609 3408 UserName: Malcolm Hayles
2011/09/14 06:35:06.0609 3408 Windows directory: C:\WINDOWS
2011/09/14 06:35:06.0609 3408 System windows directory: C:\WINDOWS
2011/09/14 06:35:06.0609 3408 Processor architecture: Intel x86
2011/09/14 06:35:06.0609 3408 Number of processors: 2
2011/09/14 06:35:06.0609 3408 Page size: 0x1000
2011/09/14 06:35:06.0609 3408 Boot type: Normal boot
2011/09/14 06:35:06.0609 3408 ================================================================================
2011/09/14 06:35:08.0156 3408 Initialize success
2011/09/14 06:35:12.0750 3432 ================================================================================
2011/09/14 06:35:12.0750 3432 Scan started
2011/09/14 06:35:12.0750 3432 Mode: Manual;
2011/09/14 06:35:12.0750 3432 ================================================================================
2011/09/14 06:35:14.0406 3432 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/14 06:35:14.0484 3432 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/14 06:35:14.0531 3432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/14 06:35:14.0593 3432 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/14 06:35:14.0640 3432 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/09/14 06:35:14.0656 3432 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/09/14 06:35:14.0703 3432 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/14 06:35:14.0734 3432 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/14 06:35:14.0796 3432 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/14 06:35:14.0812 3432 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/14 06:35:14.0828 3432 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/14 06:35:14.0859 3432 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/14 06:35:14.0875 3432 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/14 06:35:14.0890 3432 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/14 06:35:14.0906 3432 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/14 06:35:14.0953 3432 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/14 06:35:14.0968 3432 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/14 06:35:14.0984 3432 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/14 06:35:15.0046 3432 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/09/14 06:35:15.0093 3432 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/14 06:35:15.0125 3432 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/14 06:35:15.0156 3432 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/14 06:35:15.0171 3432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/14 06:35:15.0250 3432 BCMH43XX (f9f4d7f87c2ff01df41b00c01da26fe2) C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
2011/09/14 06:35:15.0343 3432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/14 06:35:15.0421 3432 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/14 06:35:15.0437 3432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/14 06:35:15.0500 3432 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/14 06:35:15.0515 3432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/14 06:35:15.0531 3432 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/14 06:35:15.0562 3432 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/14 06:35:15.0625 3432 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/14 06:35:15.0671 3432 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/14 06:35:15.0703 3432 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/14 06:35:15.0718 3432 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/14 06:35:15.0750 3432 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/14 06:35:15.0796 3432 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/09/14 06:35:15.0812 3432 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/09/14 06:35:15.0859 3432 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/09/14 06:35:15.0875 3432 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/09/14 06:35:15.0921 3432 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/09/14 06:35:15.0937 3432 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/09/14 06:35:15.0953 3432 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/09/14 06:35:15.0968 3432 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/09/14 06:35:15.0984 3432 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/09/14 06:35:16.0046 3432 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/14 06:35:16.0109 3432 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/14 06:35:16.0140 3432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/14 06:35:16.0187 3432 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/14 06:35:16.0234 3432 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/14 06:35:16.0265 3432 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/14 06:35:16.0281 3432 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/09/14 06:35:16.0296 3432 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/09/14 06:35:16.0328 3432 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/14 06:35:16.0359 3432 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/14 06:35:16.0390 3432 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/14 06:35:16.0453 3432 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/14 06:35:16.0468 3432 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/14 06:35:16.0515 3432 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/14 06:35:16.0531 3432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/14 06:35:16.0546 3432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/14 06:35:16.0578 3432 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/14 06:35:16.0640 3432 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/14 06:35:16.0703 3432 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/14 06:35:16.0750 3432 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/14 06:35:16.0796 3432 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/14 06:35:16.0812 3432 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/14 06:35:16.0859 3432 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/14 06:35:16.0890 3432 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/09/14 06:35:16.0953 3432 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/09/14 06:35:17.0046 3432 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/14 06:35:17.0093 3432 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/14 06:35:17.0125 3432 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/14 06:35:17.0156 3432 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/14 06:35:17.0234 3432 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/09/14 06:35:17.0296 3432 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/14 06:35:17.0359 3432 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/14 06:35:17.0406 3432 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/14 06:35:17.0437 3432 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/14 06:35:17.0468 3432 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/14 06:35:17.0515 3432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/14 06:35:17.0531 3432 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/14 06:35:17.0562 3432 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/14 06:35:17.0609 3432 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/14 06:35:17.0640 3432 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/14 06:35:17.0687 3432 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/14 06:35:17.0703 3432 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/14 06:35:17.0718 3432 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/14 06:35:17.0781 3432 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/14 06:35:17.0812 3432 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/14 06:35:17.0890 3432 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/14 06:35:17.0921 3432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/14 06:35:17.0953 3432 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/14 06:35:17.0968 3432 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/09/14 06:35:17.0984 3432 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/14 06:35:18.0062 3432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/14 06:35:18.0078 3432 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/14 06:35:18.0125 3432 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/14 06:35:18.0156 3432 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/14 06:35:18.0234 3432 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/14 06:35:18.0265 3432 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/14 06:35:18.0312 3432 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/14 06:35:18.0328 3432 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/14 06:35:18.0343 3432 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/14 06:35:18.0359 3432 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/14 06:35:18.0406 3432 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/14 06:35:18.0437 3432 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/14 06:35:18.0468 3432 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/14 06:35:18.0515 3432 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/14 06:35:18.0546 3432 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/14 06:35:18.0562 3432 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/14 06:35:18.0593 3432 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/14 06:35:18.0640 3432 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/14 06:35:18.0671 3432 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/14 06:35:18.0703 3432 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/14 06:35:18.0750 3432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/14 06:35:18.0843 3432 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/14 06:35:18.0921 3432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/14 06:35:18.0968 3432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/14 06:35:19.0015 3432 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/14 06:35:19.0031 3432 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/14 06:35:19.0062 3432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/14 06:35:19.0093 3432 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/14 06:35:19.0125 3432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/14 06:35:19.0156 3432 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/14 06:35:19.0250 3432 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/14 06:35:19.0265 3432 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/14 06:35:19.0328 3432 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/14 06:35:19.0343 3432 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/14 06:35:19.0390 3432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/14 06:35:19.0406 3432 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/14 06:35:19.0437 3432 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/14 06:35:19.0468 3432 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/14 06:35:19.0515 3432 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/14 06:35:19.0531 3432 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/14 06:35:19.0546 3432 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/14 06:35:19.0562 3432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/14 06:35:19.0609 3432 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/14 06:35:19.0625 3432 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/14 06:35:19.0640 3432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/14 06:35:19.0703 3432 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/14 06:35:19.0718 3432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/14 06:35:19.0781 3432 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/14 06:35:19.0828 3432 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/14 06:35:19.0859 3432 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/14 06:35:19.0953 3432 rt2870 (ee5ad71a1f576d4d58d8d014560eb856) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/09/14 06:35:20.0046 3432 Scutum50 (f34c06d1c706a6d9433570b087a18b02) C:\WINDOWS\system32\Drivers\Scutum50.sys
2011/09/14 06:35:20.0156 3432 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/14 06:35:20.0234 3432 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/14 06:35:20.0281 3432 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/14 06:35:20.0328 3432 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/14 06:35:20.0390 3432 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/14 06:35:20.0437 3432 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/14 06:35:20.0484 3432 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/14 06:35:20.0546 3432 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/14 06:35:20.0609 3432 Srv (e03b4ea274c9e509cca7f9f0cec24232) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/14 06:35:20.0703 3432 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/14 06:35:20.0750 3432 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/14 06:35:20.0781 3432 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/14 06:35:20.0812 3432 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/14 06:35:20.0843 3432 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/14 06:35:20.0875 3432 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/14 06:35:20.0890 3432 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/14 06:35:20.0937 3432 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/14 06:35:21.0000 3432 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/14 06:35:21.0046 3432 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/14 06:35:21.0062 3432 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/14 06:35:21.0093 3432 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/14 06:35:21.0140 3432 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/14 06:35:21.0187 3432 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/14 06:35:21.0265 3432 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/14 06:35:21.0296 3432 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/14 06:35:21.0437 3432 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/14 06:35:21.0500 3432 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/14 06:35:21.0515 3432 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/14 06:35:21.0546 3432 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/14 06:35:21.0593 3432 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/14 06:35:21.0640 3432 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/14 06:35:21.0656 3432 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/14 06:35:21.0671 3432 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/09/14 06:35:21.0718 3432 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/14 06:35:21.0734 3432 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/14 06:35:21.0765 3432 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/14 06:35:21.0796 3432 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/14 06:35:21.0890 3432 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/14 06:35:21.0937 3432 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/14 06:35:22.0062 3432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/14 06:35:22.0140 3432 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/14 06:35:22.0156 3432 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/14 06:35:22.0234 3432 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
2011/09/14 06:35:22.0250 3432 Boot (0x1200) (0d4d33b14e4ef69824ea64b61b661ad3) \Device\Harddisk0\DR0\Partition0
2011/09/14 06:35:22.0281 3432 Boot (0x1200) (5221cd0ba7fcdbc4d6fb8d5903ef8c48) \Device\Harddisk0\DR0\Partition1
2011/09/14 06:35:22.0296 3432 ================================================================================
2011/09/14 06:35:22.0296 3432 Scan finished
2011/09/14 06:35:22.0296 3432 ================================================================================
2011/09/14 06:35:22.0312 3424 Detected object count: 0
2011/09/14 06:35:22.0312 3424 Actual detected object count: 0
2011/09/14 06:35:06.0609 3408 ================================================================================
2011/09/14 06:35:06.0609 3408 SystemInfo:
2011/09/14 06:35:06.0609 3408
2011/09/14 06:35:06.0609 3408 OS Version: 5.1.2600 ServicePack: 2.0
2011/09/14 06:35:06.0609 3408 Product type: Workstation
2011/09/14 06:35:06.0609 3408 ComputerName: MALCOLM
2011/09/14 06:35:06.0609 3408 UserName: Malcolm Hayles
2011/09/14 06:35:06.0609 3408 Windows directory: C:\WINDOWS
2011/09/14 06:35:06.0609 3408 System windows directory: C:\WINDOWS
2011/09/14 06:35:06.0609 3408 Processor architecture: Intel x86
2011/09/14 06:35:06.0609 3408 Number of processors: 2
2011/09/14 06:35:06.0609 3408 Page size: 0x1000
2011/09/14 06:35:06.0609 3408 Boot type: Normal boot
2011/09/14 06:35:06.0609 3408 ================================================================================
2011/09/14 06:35:08.0156 3408 Initialize success
2011/09/14 06:35:12.0750 3432 ================================================================================
2011/09/14 06:35:12.0750 3432 Scan started
2011/09/14 06:35:12.0750 3432 Mode: Manual;
2011/09/14 06:35:12.0750 3432 ================================================================================
2011/09/14 06:35:14.0406 3432 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/14 06:35:14.0484 3432 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/14 06:35:14.0531 3432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/14 06:35:14.0593 3432 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/14 06:35:14.0640 3432 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/09/14 06:35:14.0656 3432 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/09/14 06:35:14.0703 3432 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/14 06:35:14.0734 3432 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/14 06:35:14.0796 3432 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/14 06:35:14.0812 3432 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/14 06:35:14.0828 3432 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/14 06:35:14.0859 3432 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/14 06:35:14.0875 3432 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/14 06:35:14.0890 3432 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/14 06:35:14.0906 3432 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/14 06:35:14.0953 3432 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/14 06:35:14.0968 3432 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/14 06:35:14.0984 3432 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/14 06:35:15.0046 3432 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/09/14 06:35:15.0093 3432 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/14 06:35:15.0125 3432 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/14 06:35:15.0156 3432 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/14 06:35:15.0171 3432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/14 06:35:15.0250 3432 BCMH43XX (f9f4d7f87c2ff01df41b00c01da26fe2) C:\WINDOWS\system32\DRIVERS\bcmwlhigh5.sys
2011/09/14 06:35:15.0343 3432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/14 06:35:15.0421 3432 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/14 06:35:15.0437 3432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/14 06:35:15.0500 3432 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/14 06:35:15.0515 3432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/14 06:35:15.0531 3432 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/14 06:35:15.0562 3432 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/14 06:35:15.0625 3432 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/14 06:35:15.0671 3432 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/14 06:35:15.0703 3432 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/14 06:35:15.0718 3432 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/14 06:35:15.0750 3432 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/14 06:35:15.0796 3432 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/09/14 06:35:15.0812 3432 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/09/14 06:35:15.0859 3432 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/09/14 06:35:15.0875 3432 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/09/14 06:35:15.0921 3432 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/09/14 06:35:15.0937 3432 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/09/14 06:35:15.0953 3432 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/09/14 06:35:15.0968 3432 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/09/14 06:35:15.0984 3432 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/09/14 06:35:16.0046 3432 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/14 06:35:16.0109 3432 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/14 06:35:16.0140 3432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/14 06:35:16.0187 3432 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/14 06:35:16.0234 3432 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/14 06:35:16.0265 3432 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/14 06:35:16.0281 3432 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/09/14 06:35:16.0296 3432 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/09/14 06:35:16.0328 3432 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/09/14 06:35:16.0359 3432 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/14 06:35:16.0390 3432 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/14 06:35:16.0453 3432 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/14 06:35:16.0468 3432 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/14 06:35:16.0515 3432 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/14 06:35:16.0531 3432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/14 06:35:16.0546 3432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/14 06:35:16.0578 3432 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/14 06:35:16.0640 3432 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/14 06:35:16.0703 3432 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/14 06:35:16.0750 3432 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/14 06:35:16.0796 3432 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/14 06:35:16.0812 3432 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/14 06:35:16.0859 3432 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/14 06:35:16.0890 3432 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/09/14 06:35:16.0953 3432 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/09/14 06:35:17.0046 3432 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/14 06:35:17.0093 3432 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/14 06:35:17.0125 3432 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/14 06:35:17.0156 3432 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/14 06:35:17.0234 3432 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/09/14 06:35:17.0296 3432 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/14 06:35:17.0359 3432 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/14 06:35:17.0406 3432 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/14 06:35:17.0437 3432 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/14 06:35:17.0468 3432 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/14 06:35:17.0515 3432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/14 06:35:17.0531 3432 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/14 06:35:17.0562 3432 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/14 06:35:17.0609 3432 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/14 06:35:17.0640 3432 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/14 06:35:17.0687 3432 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/14 06:35:17.0703 3432 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/14 06:35:17.0718 3432 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/14 06:35:17.0781 3432 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/14 06:35:17.0812 3432 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/14 06:35:17.0890 3432 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/14 06:35:17.0921 3432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/14 06:35:17.0953 3432 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/14 06:35:17.0968 3432 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/09/14 06:35:17.0984 3432 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/14 06:35:18.0062 3432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/14 06:35:18.0078 3432 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/14 06:35:18.0125 3432 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/14 06:35:18.0156 3432 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/14 06:35:18.0234 3432 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/14 06:35:18.0265 3432 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/14 06:35:18.0312 3432 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/14 06:35:18.0328 3432 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/14 06:35:18.0343 3432 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/14 06:35:18.0359 3432 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/14 06:35:18.0406 3432 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/14 06:35:18.0437 3432 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/14 06:35:18.0468 3432 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/14 06:35:18.0515 3432 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/14 06:35:18.0546 3432 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/14 06:35:18.0562 3432 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/14 06:35:18.0593 3432 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/14 06:35:18.0640 3432 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/14 06:35:18.0671 3432 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/14 06:35:18.0703 3432 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/14 06:35:18.0750 3432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/14 06:35:18.0843 3432 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/14 06:35:18.0921 3432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/14 06:35:18.0968 3432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/14 06:35:19.0015 3432 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/14 06:35:19.0031 3432 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/14 06:35:19.0062 3432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/14 06:35:19.0093 3432 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/14 06:35:19.0125 3432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/14 06:35:19.0156 3432 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/14 06:35:19.0250 3432 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/14 06:35:19.0265 3432 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/14 06:35:19.0328 3432 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/14 06:35:19.0343 3432 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/14 06:35:19.0390 3432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/14 06:35:19.0406 3432 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/14 06:35:19.0437 3432 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/14 06:35:19.0468 3432 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/14 06:35:19.0515 3432 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/14 06:35:19.0531 3432 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/14 06:35:19.0546 3432 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/14 06:35:19.0562 3432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/14 06:35:19.0609 3432 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/14 06:35:19.0625 3432 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/14 06:35:19.0640 3432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/14 06:35:19.0703 3432 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/14 06:35:19.0718 3432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/14 06:35:19.0781 3432 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/14 06:35:19.0828 3432 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/14 06:35:19.0859 3432 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/14 06:35:19.0953 3432 rt2870 (ee5ad71a1f576d4d58d8d014560eb856) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/09/14 06:35:20.0046 3432 Scutum50 (f34c06d1c706a6d9433570b087a18b02) C:\WINDOWS\system32\Drivers\Scutum50.sys
2011/09/14 06:35:20.0156 3432 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/14 06:35:20.0234 3432 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/14 06:35:20.0281 3432 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/14 06:35:20.0328 3432 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/14 06:35:20.0390 3432 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/14 06:35:20.0437 3432 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/14 06:35:20.0484 3432 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/14 06:35:20.0546 3432 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/14 06:35:20.0609 3432 Srv (e03b4ea274c9e509cca7f9f0cec24232) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/14 06:35:20.0703 3432 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
2011/09/14 06:35:20.0750 3432 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/14 06:35:20.0781 3432 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/14 06:35:20.0812 3432 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/14 06:35:20.0843 3432 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/14 06:35:20.0875 3432 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/14 06:35:20.0890 3432 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/14 06:35:20.0937 3432 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/14 06:35:21.0000 3432 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/14 06:35:21.0046 3432 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/14 06:35:21.0062 3432 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/14 06:35:21.0093 3432 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/14 06:35:21.0140 3432 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/14 06:35:21.0187 3432 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/14 06:35:21.0265 3432 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/14 06:35:21.0296 3432 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/14 06:35:21.0437 3432 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/14 06:35:21.0500 3432 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/14 06:35:21.0515 3432 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/14 06:35:21.0546 3432 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/14 06:35:21.0593 3432 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/14 06:35:21.0640 3432 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/14 06:35:21.0656 3432 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/14 06:35:21.0671 3432 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/09/14 06:35:21.0718 3432 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/14 06:35:21.0734 3432 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/14 06:35:21.0765 3432 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/14 06:35:21.0796 3432 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/14 06:35:21.0890 3432 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/14 06:35:21.0937 3432 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/14 06:35:22.0062 3432 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/14 06:35:22.0140 3432 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/14 06:35:22.0156 3432 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/14 06:35:22.0234 3432 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
2011/09/14 06:35:22.0250 3432 Boot (0x1200) (0d4d33b14e4ef69824ea64b61b661ad3) \Device\Harddisk0\DR0\Partition0
2011/09/14 06:35:22.0281 3432 Boot (0x1200) (5221cd0ba7fcdbc4d6fb8d5903ef8c48) \Device\Harddisk0\DR0\Partition1
2011/09/14 06:35:22.0296 3432 ================================================================================
2011/09/14 06:35:22.0296 3432 Scan finished
2011/09/14 06:35:22.0296 3432 ================================================================================
2011/09/14 06:35:22.0312 3424 Detected object count: 0
2011/09/14 06:35:22.0312 3424 Actual detected object count: 0
#13
Posted 14 September 2011 - 05:39 AM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xF7ABE000 \WINDOWS\system32\KDCOM.DLL
0xF79CE000 \WINDOWS\system32\BOOTVID.dll
0xF748F000 ACPI.sys
0xF7AC0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF747E000 pci.sys
0xF75BE000 isapnp.sys
0xF7B86000 pciide.sys
0xF783E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7AC2000 intelide.sys
0xF75CE000 MountMgr.sys
0xF745F000 ftdisk.sys
0xF7846000 PartMgr.sys
0xF75DE000 VolSnap.sys
0xF7447000 atapi.sys
0xF75EE000 disk.sys
0xF75FE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7428000 fltMgr.sys
0xF7416000 sr.sys
0xF7400000 DRVMCDB.SYS
0xF760E000 PxHelp20.sys
0xF73E9000 KSecDD.sys
0xF735C000 Ntfs.sys
0xF732F000 NDIS.sys
0xF7314000 Mup.sys
0xF778E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF717C000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF7168000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7142000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF711F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78EE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF70EB000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF70C8000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6FC9000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6F22000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78F6000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6EFC000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF78FE000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF779E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7ADA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF77AE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77BE000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7BD8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6EE5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77EE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7906000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6ED4000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77FE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF790E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7916000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF780E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF791E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7926000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7ADC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6EA0000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A82000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF781E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7A9A000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA6BB000 \SystemRoot\system32\drivers\sthda.sys
0xAA699000 \SystemRoot\system32\drivers\portcls.sys
0xF763E000 \SystemRoot\system32\drivers\drmk.sys
0xF764E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AE0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7936000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AE2000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7AE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CB5000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AE6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF794E000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF7956000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF795E000 \SystemRoot\System32\drivers\vga.sys
0xF7AE8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7966000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF796E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AB6000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA59E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA4B5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA48D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA46C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF767E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA44A000 \SystemRoot\System32\drivers\afd.sys
0xF768E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA41F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA3B0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76AE000 \SystemRoot\System32\Drivers\Fips.SYS
0xF72BF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF76CE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF797E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF72BB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF76DE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7A5E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA2D5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AF0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6E67000 \SystemRoot\System32\drivers\Dxapi.sys
0xF798E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BC7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xAA629000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7C8C000 \SystemRoot\System32\DLA\DLADResN.SYS
0xAA17F000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xAA219000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7AFE000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF79AE000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAA167000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAA151000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xF79BE000 \SystemRoot\System32\Drivers\Scutum50.sys
0xA9F26000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA9EF9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B1E000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xAA195000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9D8F000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9B4A000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9E29000 \SystemRoot\system32\drivers\sysaudio.sys
0xA994C000 \SystemRoot\System32\Drivers\HTTP.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9424000 \SystemRoot\system32\drivers\kmixer.sys
0xA93BE000 \SystemRoot\system32\drivers\72734483.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 24):
0 System Idle Process
4 System
548 C:\WINDOWS\system32\smss.exe
764 csrss.exe
788 C:\WINDOWS\system32\winlogon.exe
832 C:\WINDOWS\system32\services.exe
844 C:\WINDOWS\system32\lsass.exe
1028 C:\WINDOWS\system32\svchost.exe
1076 svchost.exe
1116 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1272 svchost.exe
1320 C:\WINDOWS\system32\spoolsv.exe
1480 C:\WINDOWS\system32\svchost.exe
2008 alg.exe
1724 C:\WINDOWS\explorer.exe
456 C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
824 C:\WINDOWS\system32\ctfmon.exe
2908 C:\Program Files\Mozilla Firefox\firefox.exe
3060 C:\Program Files\Mozilla Firefox\plugin-container.exe
3320 C:\Program Files\WinRAR\WinRAR.exe
3400 C:\DOCUME~1\MALCOL~1\LOCALS~1\temp\Rar$EX45.616\TDSSKiller.exe
3460 C:\WINDOWS\system32\notepad.exe
3544 C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`2f794a00 (NTFS)
PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
Done!
© 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001d
Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xF7ABE000 \WINDOWS\system32\KDCOM.DLL
0xF79CE000 \WINDOWS\system32\BOOTVID.dll
0xF748F000 ACPI.sys
0xF7AC0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF747E000 pci.sys
0xF75BE000 isapnp.sys
0xF7B86000 pciide.sys
0xF783E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7AC2000 intelide.sys
0xF75CE000 MountMgr.sys
0xF745F000 ftdisk.sys
0xF7846000 PartMgr.sys
0xF75DE000 VolSnap.sys
0xF7447000 atapi.sys
0xF75EE000 disk.sys
0xF75FE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7428000 fltMgr.sys
0xF7416000 sr.sys
0xF7400000 DRVMCDB.SYS
0xF760E000 PxHelp20.sys
0xF73E9000 KSecDD.sys
0xF735C000 Ntfs.sys
0xF732F000 NDIS.sys
0xF7314000 Mup.sys
0xF778E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF717C000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF7168000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7142000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF711F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78EE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF70EB000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF70C8000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6FC9000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6F22000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78F6000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6EFC000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF78FE000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF779E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7ADA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF77AE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77BE000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7BD8000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A72000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6EE5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77EE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7906000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6ED4000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77FE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF790E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7916000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF780E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF791E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7926000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7ADC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6EA0000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A82000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF781E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7A9A000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xAA6BB000 \SystemRoot\system32\drivers\sthda.sys
0xAA699000 \SystemRoot\system32\drivers\portcls.sys
0xF763E000 \SystemRoot\system32\drivers\drmk.sys
0xF764E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AE0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7936000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AE2000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7AE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CB5000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AE6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF794E000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF7956000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF795E000 \SystemRoot\System32\drivers\vga.sys
0xF7AE8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7966000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF796E000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7AB6000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA59E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA4B5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA48D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA46C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF767E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA44A000 \SystemRoot\System32\drivers\afd.sys
0xF768E000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA41F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA3B0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76AE000 \SystemRoot\System32\Drivers\Fips.SYS
0xF72BF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF76CE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF797E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF72BB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF76DE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7A5E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAA2D5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AF0000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6E67000 \SystemRoot\System32\drivers\Dxapi.sys
0xF798E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BC7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xAA629000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7C8C000 \SystemRoot\System32\DLA\DLADResN.SYS
0xAA17F000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xAA219000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7AFE000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF79AE000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAA167000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAA151000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xF79BE000 \SystemRoot\System32\Drivers\Scutum50.sys
0xA9F26000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA9EF9000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B1E000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xAA195000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA9D8F000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9B4A000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9E29000 \SystemRoot\system32\drivers\sysaudio.sys
0xA994C000 \SystemRoot\System32\Drivers\HTTP.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9424000 \SystemRoot\system32\drivers\kmixer.sys
0xA93BE000 \SystemRoot\system32\drivers\72734483.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 24):
0 System Idle Process
4 System
548 C:\WINDOWS\system32\smss.exe
764 csrss.exe
788 C:\WINDOWS\system32\winlogon.exe
832 C:\WINDOWS\system32\services.exe
844 C:\WINDOWS\system32\lsass.exe
1028 C:\WINDOWS\system32\svchost.exe
1076 svchost.exe
1116 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1272 svchost.exe
1320 C:\WINDOWS\system32\spoolsv.exe
1480 C:\WINDOWS\system32\svchost.exe
2008 alg.exe
1724 C:\WINDOWS\explorer.exe
456 C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
824 C:\WINDOWS\system32\ctfmon.exe
2908 C:\Program Files\Mozilla Firefox\firefox.exe
3060 C:\Program Files\Mozilla Firefox\plugin-container.exe
3320 C:\Program Files\WinRAR\WinRAR.exe
3400 C:\DOCUME~1\MALCOL~1\LOCALS~1\temp\Rar$EX45.616\TDSSKiller.exe
3460 C:\WINDOWS\system32\notepad.exe
3544 C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`2f794a00 (NTFS)
PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
Done!
#14
Posted 14 September 2011 - 06:47 AM
michaelg9
-
- Malware Removal
-
- 2,949 posts
Trusted Helper
Hello
We're making progress
Run OTL
Next:
File Scanner
There are some files I need you to upload for checking
Do the same for this:
Next:
Uninstall the following:
Limewire isn't bad, but as far as I know it's inactive and you get a lot of nasties from P2P programs, especially this one
Next:
Upgrading Java:
Also you had an outdated version of Java Runtime Environment, and I told you to uninstall it. Here is the updated version.
You need Windows x86 Online or Windows x86 Offline (for installation without internet access)
Next:
Click here to download and install Avast! Free antivirus. A free but excellent antivirus.
Next:
Please tell me how's your computer working now and if there are any other problems
We're making progress
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
[2011/09/06 01:52:49 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2011/09/06 01:52:49 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2011/09/06 01:52:49 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2011/08/23 01:32:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/08/23 01:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
:Services
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-OQ0UB.tmp\sdsetup_revwire207_en_aff_dl.tmp" =-
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-880AM.tmp\sdsetup_revwire207_en_aff_dl.tmp" =-
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\_iu14D2N.tmp" =-
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-2MVIO.tmp\sdsetup_revwire207_en_aff_dl.tmp" =-
"C:\Documents and Settings\Malcolm Hayles\Local Settings\Temp\is-5I1O1.tmp\sdsetup_revwire207_en_aff_dl.tmp" =-
:Files
c:\windows\system32\c_12502.nl_
c:\documents and settings\Denise Hayles\Application Data\AVG10
C:\WINDOWS\System32\NetMonInstaller.exe
C:\WINDOWS\System32\daemon_mgm.exe
C:\WINDOWS\System32\drivers\npf.sys
C:\WINDOWS\System32\npf_mgm.exe
C:\WINDOWS\System32\packet.dll
C:\WINDOWS\System32\pthreadVC.dll
C:\WINDOWS\System32\rpcapd.exe
C:\WINDOWS\System32\wanpacket.dll
C:\WINDOWS\System32\wpcap.dll
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Next:
File Scanner
There are some files I need you to upload for checking
- Make sure to use Internet Explorer for this
- Please go to VirSCAN.org FREE on-line scan service
- Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
- c:\windows\system32\hidserv.dll
- c:\windows\system32\hidserv.dll
- Click on the Upload button
- If a pop-up appears saying the file has been scanned already, please select the ReScan button.
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
Do the same for this:
C:\WINDOWS\System32\MFC7b8f6.rra
Next:
Uninstall the following:
Java™ 6 Update 26
Java 2 Runtime Environment, SE v1.4.2_03
LimeWire 5.6.2
Viewpoint Media Player
Limewire isn't bad, but as far as I know it's inactive and you get a lot of nasties from P2P programs, especially this one
Next:
Upgrading Java:
- Go here and click Free Java Download
- It will offer you the latest version of java, download it and install it
Also you had an outdated version of Java Runtime Environment, and I told you to uninstall it. Here is the updated version.
You need Windows x86 Online or Windows x86 Offline (for installation without internet access)
Next:
Click here to download and install Avast! Free antivirus. A free but excellent antivirus.
Next:
Please tell me how's your computer working now and if there are any other problems
#15
Posted 14 September 2011 - 08:32 PM
MacBoznyII
- Topic Starter
-
- Member
-
- 20 posts
Member
OTL logfile created on: 9/14/2011 9:18:47 PM - Run 3
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 747.80 Mb Available Physical Memory | 73.74% Memory free
2.38 Gb Paging File | 2.24 Gb Available in Paging File | 94.09% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 30.91 Gb Free Space | 58.65% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.31 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
Drive E: | 34.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MALCOLM | User Name: Malcolm Hayles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/13 17:57:05 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder\OTL.exe
PRC - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2009/09/03 11:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RalinkRegistryWriter)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2009/12/10 11:16:16 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/05/05 12:00:44 | 000,632,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/08/18 00:42:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: No CLSID value found. File not found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "speedhunters.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/05 07:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 00:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 07:24:52 | 000,000,000 | ---D | M]
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions\[email protected]
[2011/09/05 05:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 07:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/05 07:22:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/12 00:40:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/09/13 20:08:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D40AC4A-DBFA-4A1E-ADE2-54B58C033B88}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/13 18:10:58 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/09/13 18:10:59 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 19:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 03:27:40 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/14 21:06:16 | 000,632,576 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys
[2011/09/14 21:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2011/09/14 21:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\InstallShield
[2011/09/14 14:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DAEMON Tools Pro
[2011/09/14 14:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/09/14 14:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Azureus
[2011/09/14 14:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/09/14 06:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder (2)
[2011/09/14 00:28:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/13 20:11:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/13 19:51:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/13 19:50:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/13 19:50:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/13 19:50:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/13 19:50:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/13 19:50:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/13 19:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/13 19:47:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Administrative Tools
[2011/09/13 18:28:31 | 004,207,571 | R--- | C] (Swearware) -- C:\Documents and Settings\Malcolm Hayles\Desktop\ComboFix.exe
[2011/09/13 18:10:58 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/09/13 17:40:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 13:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Dell Games
[2011/09/13 06:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\FLV Player
[2011/09/13 06:40:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\FLV Player
[2011/09/13 06:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2011/09/12 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder
[2011/09/12 01:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/12 01:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/09 18:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games
[2011/09/09 18:41:03 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/09/09 18:40:59 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/09/09 18:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/09/09 18:30:08 | 000,000,000 | ---D | C] -- C:\AOE3
[2011/09/09 06:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/09/09 06:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\18 WoS American Long Haul
[2011/09/09 05:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\18 Wheels of Steel American Long Haul
[2011/09/09 05:26:33 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/09/09 02:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\WildGames
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/09/09 02:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/06 02:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
[2011/09/06 01:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/05 07:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/09/05 07:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Malwarebytes
[2011/09/05 07:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 07:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Virtual DJ
[2011/09/05 07:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/09/05 07:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/09/05 07:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 07:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/09/05 07:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple
[2011/09/05 07:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/09/05 07:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\LimeWire
[2011/09/05 07:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ralink Wireless
[2011/09/05 07:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AdobeUM
[2011/09/05 06:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\U3
[2011/09/05 06:00:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/05 05:59:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/09/05 05:59:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/05 05:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/05 05:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/09/03 15:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Inspiration
[2011/09/01 01:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/09/01 01:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\DJ
[2011/08/31 03:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DivX
[2011/08/31 03:22:21 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/08/31 03:22:21 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/08/31 03:22:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/08/31 03:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/08/31 03:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/08/30 13:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\LimeWire
[2011/08/29 04:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Apple Computer
[2011/08/29 04:43:41 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/08/29 04:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/08/29 04:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/08/29 04:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/29 04:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/29 04:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/29 04:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple Computer
[2011/08/28 15:32:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/08/28 02:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Albums
[2011/08/28 00:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/08/28 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/08/28 00:37:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/28 00:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/08/26 21:46:32 | 000,796,032 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/08/26 21:46:32 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2011/08/26 21:46:32 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/08/26 21:46:31 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/08/26 21:46:31 | 000,152,968 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/08/26 21:46:30 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/08/26 21:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ralink
[2011/08/26 21:46:00 | 000,709,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2011/08/26 21:46:00 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2011/08/26 21:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/08/26 21:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2011/08/24 22:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Adobe
[2011/08/24 22:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My eBooks
[2011/08/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/23 14:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Mozilla
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla
[2011/08/23 12:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/23 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\BrowserPlus
[2011/08/23 01:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Yahoo!
[2011/08/23 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/08/23 01:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/08/23 00:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/08/23 00:53:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/23 00:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/23 00:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Adobe
[2011/08/23 00:29:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 00:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Google Chrome
[2011/08/23 00:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Solid State Networks
[2011/08/23 00:17:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\PrivacIE
[2011/08/23 00:16:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\IETldCache
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Videos
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/08/22 23:51:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/08/22 23:50:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/22 23:50:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/08/22 22:46:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Pictures
[2011/08/22 22:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Macromedia
[2011/08/22 22:25:11 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2011/08/22 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Corel Photo Album
[2011/08/22 22:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Corel Photo Album
[2011/08/22 21:55:19 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2011/08/22 21:42:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC7b8f6.rra
[2011/08/22 21:42:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL7b6d3.rra
========== Files - Modified Within 30 Days ==========
[2011/09/14 21:17:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/14 21:17:10 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/14 21:06:14 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/14 20:57:01 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/14 20:57:01 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/14 20:31:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/09/14 14:20:55 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/09/13 22:31:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/09/13 20:08:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/13 19:52:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/13 18:28:32 | 004,207,571 | R--- | M] (Swearware) -- C:\Documents and Settings\Malcolm Hayles\Desktop\ComboFix.exe
[2011/09/13 13:39:46 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to New Folder (2).lnk
[2011/09/09 06:17:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 05:36:17 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 15:48:59 | 000,533,046 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/05 07:08:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/05 04:52:32 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/03 18:53:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 01:52:18 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 17:53:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/29 04:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/29 04:43:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/29 04:43:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/29 04:41:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/29 04:39:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/28 04:33:49 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/28 01:35:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/08/27 22:54:58 | 000,003,610 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/27 22:54:57 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/23 14:57:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 12:53:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:39:59 | 000,064,672 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/08/23 00:28:29 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:16:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/22 21:25:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
========== Files Created - No Company Name ==========
[2011/09/14 21:06:14 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/14 14:20:55 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/09/14 14:20:55 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2011/09/13 19:52:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/13 19:51:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/13 19:50:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/13 19:50:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/13 19:50:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/13 19:50:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/13 19:50:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/13 13:39:46 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to New Folder (2).lnk
[2011/09/09 05:36:17 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 07:25:59 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/05 05:21:47 | 000,533,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/29 04:43:47 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/08/29 04:43:46 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/08/29 04:39:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/29 04:32:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/29 04:32:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/08/28 04:33:49 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/26 21:46:33 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/08/26 21:46:32 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/08/26 21:46:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/08/26 21:45:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/08/23 12:53:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 12:39:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:28:29 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:20:30 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/08/23 00:20:29 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/08/22 23:53:29 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/22 22:00:33 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/22 21:59:34 | 000,003,610 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/22 21:59:34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/22 21:25:57 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2006/08/23 18:54:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\fusioncache.dat
[2006/08/22 22:15:49 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/08/22 22:15:49 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/08/22 21:49:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/08/18 00:59:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 00:52:25 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 00:48:41 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/18 00:46:18 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/18 00:45:02 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/08/18 00:42:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/18 00:19:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/18 00:18:56 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 11:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.07 Mb Total Physical Memory | 747.80 Mb Available Physical Memory | 73.74% Memory free
2.38 Gb Paging File | 2.24 Gb Available in Paging File | 94.09% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 30.91 Gb Free Space | 58.65% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.31 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
Drive E: | 34.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MALCOLM | User Name: Malcolm Hayles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/09/13 17:57:05 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder\OTL.exe
PRC - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2009/09/03 11:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (RalinkRegistryWriter)
SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2004/03/18 15:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2009/12/10 11:16:16 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/05/05 12:00:44 | 000,632,576 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/08/18 00:42:54 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/02/10 17:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003/11/17 20:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 20:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 20:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: No CLSID value found. File not found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "speedhunters.com"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/05 07:24:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/12 00:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/05 07:24:52 | 000,000,000 | ---D | M]
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions
[2011/09/05 07:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla\Extensions\[email protected]
[2011/09/05 05:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/05 07:24:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/05 07:22:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/12 00:40:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/09/13 20:08:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D40AC4A-DBFA-4A1E-ADE2-54B58C033B88}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/13 18:10:58 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/09/13 18:10:59 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/02/21 19:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/05/29 03:27:40 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/14 21:06:16 | 000,632,576 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys
[2011/09/14 21:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2011/09/14 21:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\InstallShield
[2011/09/14 14:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DAEMON Tools Pro
[2011/09/14 14:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/09/14 14:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Azureus
[2011/09/14 14:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/09/14 06:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder (2)
[2011/09/14 00:28:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/13 20:11:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/13 19:51:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/13 19:50:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/13 19:50:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/13 19:50:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/13 19:50:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/13 19:50:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/13 19:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/13 19:47:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Administrative Tools
[2011/09/13 18:28:31 | 004,207,571 | R--- | C] (Swearware) -- C:\Documents and Settings\Malcolm Hayles\Desktop\ComboFix.exe
[2011/09/13 18:10:58 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2011/09/13 17:40:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/13 13:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Dell Games
[2011/09/13 06:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\FLV Player
[2011/09/13 06:40:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\FLV Player
[2011/09/13 06:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2011/09/12 19:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Desktop\New Folder
[2011/09/12 01:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/12 01:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent Games
[2011/09/09 18:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Games
[2011/09/09 18:41:03 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2011/09/09 18:40:59 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2011/09/09 18:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/09/09 18:30:08 | 000,000,000 | ---D | C] -- C:\AOE3
[2011/09/09 06:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2011/09/09 06:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\18 WoS American Long Haul
[2011/09/09 05:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\18 Wheels of Steel American Long Haul
[2011/09/09 05:26:33 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/09/09 02:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\WildGames
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WinRAR
[2011/09/09 02:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/09/09 02:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/06 02:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\WildTangent
[2011/09/06 01:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/09/05 08:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/05 07:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/09/05 07:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Malwarebytes
[2011/09/05 07:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/05 07:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Virtual DJ
[2011/09/05 07:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/09/05 07:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011/09/05 07:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/09/05 07:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/09/05 07:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple
[2011/09/05 07:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/09/05 07:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\LimeWire
[2011/09/05 07:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ralink Wireless
[2011/09/05 07:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\AdobeUM
[2011/09/05 06:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\U3
[2011/09/05 06:00:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/05 05:59:48 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/09/05 05:59:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/09/05 05:59:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/09/05 05:43:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/05 05:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/09/03 15:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Inspiration
[2011/09/01 01:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011/09/01 01:45:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\DJ
[2011/08/31 03:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\DivX
[2011/08/31 03:22:21 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/08/31 03:22:21 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/08/31 03:22:16 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/08/31 03:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/08/31 03:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011/08/30 13:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\LimeWire
[2011/08/29 04:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Apple Computer
[2011/08/29 04:43:41 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/08/29 04:42:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/08/29 04:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/08/29 04:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/29 04:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/08/29 04:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/08/29 04:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Apple Computer
[2011/08/28 15:32:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/08/28 02:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Albums
[2011/08/28 00:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\LimeWire
[2011/08/28 00:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/08/28 00:37:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/08/28 00:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/08/26 21:46:32 | 000,796,032 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\Scutum.dll
[2011/08/26 21:46:32 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2011/08/26 21:46:32 | 000,180,224 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\W32N55.dll
[2011/08/26 21:46:31 | 001,085,440 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2011/08/26 21:46:31 | 000,152,968 | ---- | C] (Ralink Tech) -- C:\WINDOWS\System32\RalinkGina.dll
[2011/08/26 21:46:30 | 000,019,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\Scutum50.sys
[2011/08/26 21:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Ralink
[2011/08/26 21:46:00 | 000,709,248 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2011/08/26 21:46:00 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2011/08/26 21:45:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/08/26 21:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver
[2011/08/24 22:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Adobe
[2011/08/24 22:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My eBooks
[2011/08/24 22:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/23 14:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\Downloads
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Mozilla
[2011/08/23 12:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Mozilla
[2011/08/23 12:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/08/23 01:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\BrowserPlus
[2011/08/23 01:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Yahoo!
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/08/23 01:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Yahoo!
[2011/08/23 01:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/08/23 01:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/08/23 00:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/08/23 00:53:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/23 00:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/23 00:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Adobe
[2011/08/23 00:29:25 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 00:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Start Menu\Programs\Google Chrome
[2011/08/23 00:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Solid State Networks
[2011/08/23 00:17:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\PrivacIE
[2011/08/23 00:16:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Malcolm Hayles\IETldCache
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Videos
[2011/08/22 23:53:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/08/22 23:51:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/08/22 23:50:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/08/22 23:50:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/08/22 22:46:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Malcolm Hayles\My Documents\My Pictures
[2011/08/22 22:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Macromedia
[2011/08/22 22:25:11 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2011/08/22 22:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Application Data\Corel Photo Album
[2011/08/22 22:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\Corel Photo Album
[2011/08/22 21:55:19 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2011/08/22 21:42:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC7b8f6.rra
[2011/08/22 21:42:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL7b6d3.rra
========== Files - Modified Within 30 Days ==========
[2011/09/14 21:17:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/14 21:17:10 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/14 21:06:14 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/14 20:57:01 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/14 20:57:01 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/14 20:31:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/09/14 14:20:55 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/09/13 22:31:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/09/13 20:08:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/13 19:52:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/13 18:28:32 | 004,207,571 | R--- | M] (Swearware) -- C:\Documents and Settings\Malcolm Hayles\Desktop\ComboFix.exe
[2011/09/13 13:39:46 | 000,000,436 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to New Folder (2).lnk
[2011/09/09 06:17:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/09 05:36:17 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 15:48:59 | 000,533,046 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/09/05 07:08:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/05 04:52:32 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/03 18:53:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/01 01:52:18 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 17:53:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/29 04:43:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/29 04:43:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/08/29 04:43:24 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/08/29 04:41:41 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/08/29 04:39:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/28 04:33:49 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/28 01:35:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/08/27 22:54:58 | 000,003,610 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/27 22:54:57 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/23 14:57:50 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/23 12:53:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:39:59 | 000,064,672 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2011/08/23 00:28:29 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:16:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/22 21:25:57 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
========== Files Created - No Company Name ==========
[2011/09/14 21:06:14 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/14 14:20:55 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/09/14 14:20:55 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2011/09/13 19:52:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/13 19:51:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/13 19:50:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/13 19:50:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/13 19:50:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/13 19:50:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/13 19:50:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/13 13:39:46 | 000,000,436 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to New Folder (2).lnk
[2011/09/09 05:36:17 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2011/09/05 16:06:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\settings.dat
[2011/09/05 07:25:59 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/05 05:21:47 | 000,533,046 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/08/29 04:43:47 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/08/29 04:43:46 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/08/29 04:39:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/08/29 04:32:51 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/29 04:32:44 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/08/28 04:33:49 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.6.2.lnk
[2011/08/26 21:46:33 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2011/08/26 21:46:32 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2011/08/26 21:46:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2011/08/26 21:45:56 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/08/23 12:53:19 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2011/08/23 12:39:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/23 01:11:35 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/08/23 00:28:29 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 00:24:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/08/23 00:20:30 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007UA.job
[2011/08/23 00:20:29 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2729958953-299165680-4184242943-1007Core.job
[2011/08/22 23:53:29 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/08/22 22:00:33 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/22 21:59:34 | 000,003,610 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/08/22 21:59:34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\85F75C239B.sys
[2011/08/22 21:25:57 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2006/08/23 18:54:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Malcolm Hayles\Local Settings\Application Data\fusioncache.dat
[2006/08/22 22:15:49 | 000,104,291 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/08/22 22:15:49 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/08/22 21:49:13 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/08/18 00:59:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/18 00:52:25 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/18 00:48:41 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/08/18 00:46:18 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/08/18 00:45:02 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gwseh.dat
[2006/08/18 00:42:08 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/18 00:19:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/08/18 00:18:56 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 11:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:57:15 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 11:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 11:51:20 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 11:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 11:51:20 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 11:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 11:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 11:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 11:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 11:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 11:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 11:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 11:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
