Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Attempted redirect to 78.192.70.254 whenever I click on a .exe file [S


  • This topic is locked This topic is locked

#1
martin1981

martin1981

    Member

  • Member
  • PipPip
  • 20 posts
This started a few months ago.
Everytime I click on a .exe file from anywhere on my PC, there is a delay of several seconds, then Peerblock shows me several redirect attempts to 78.192.70.254, then the file loads. Peerblock now blocks the IP everytime.
There is no attempt otherwise. It does not happens when I visit websites, nor when I start music of movie files.

I have a HP Pavilion, XP Home Edition SP3 updated.
In my startup, I only have PeerBlock, Malwarebytes and Avast, all latest updated versions.
I have tried without success to see what happens with a few Systernal utilities -Filemon, Regmon and Process Explorer.
I have done full scans with Malwarebytes, Avast, DrWeb, Superantispyware, TDSSKiller, M/soft malicious software removal tool, Rootkit Buster, Rootkit Revealer, as well as scsns with Trend Online and Eset.
All they did was find a few false positives. Their logs show nothing significant.
I installed Unhookexec.inf.
The file associations are correct.
HijackThis log shows nothing unusual.
The Hosts file is short, with localhost 127.0.0.1
I do not use proxies.
The firewall is working and set correctly.
I have cleant with CCleaner, Winaso and TuneUp.
I have not installed any fake antivirus, I am the only one using my PC.
I do not have any HideMyIP type utilities installed.
I do not use P2P things like Emule etc.
I use Firefox, but I think this is irrelevant since the attempt happens whenever I click on an application.
I had a look at 78.192.70.254 (weeks AFTER the redirect attempts started) - it's a Apache server in France, it asks for a password to log into.
I have read and followed the advice given in a number of forums.

In spite of all this, there is still a nasty thing which tries to connect to 78.192.70.254
Is there anyone here who could help, please?
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello martin1981 and welcome to my office here at G2G! :)

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Time to get busy :)...

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
    . Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in separate post
  • 0

#3
martin1981

martin1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hello,
Many thanks for your assistance.
Files attached as requested.
However, OTL did not produce a Extras file. I ran OTL several times but it only gave me one log.
In the log, you'll find a number of files containing the string "bollox". This is the way I rename files when I am not sure of their use.

Gmer took hours to complete (I did follow your instructions)


Best regards,

Attached Files


  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I'll post your log because it's easy for us to analyze it...

OTL logfile created on: 04/01/2012 13:02:27 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 43.95% Memory free
3.60 Gb Paging File | 2.90 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.31 Gb Total Space | 102.45 Gb Free Space | 56.82% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 2.09 Gb Free Space | 34.98% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 48.82 Gb Free Space | 32.76% Space Free | Partition Type: NTFS

Computer Name: UNIX | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 11:55:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/28 15:58:39 | 002,976,200 | ---- | M] (Zemana Ltd.) -- C:\Program Files\AntiLogger\AntiLogger.exe
PRC - [2011/09/03 00:00:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/06 21:24:30 | 001,867,888 | ---- | M] (PeerBlock, LLC) -- C:\STUFF\PeerBlock\peerblock.exe
PRC - [2010/05/31 11:42:52 | 019,317,672 | ---- | M] (Firetrust Ltd) -- C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 10:16:01 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/12 14:14:08 | 018,058,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e5f8e311d5fbef90d3f6f641e893d898\System.ServiceModel.ni.dll
MOD - [2011/10/12 14:10:54 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7a684c3b60526afb62a0969ada9c94cd\System.ServiceProcess.ni.dll
MOD - [2011/10/12 14:10:18 | 001,021,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\df89410d8f28b685778b11afe075c80d\System.Runtime.DurableInstancing.ni.dll
MOD - [2011/10/12 14:10:16 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\e3135e7811b6403f9cdfb759a339924c\SMDiagnostics.ni.dll
MOD - [2011/10/12 14:10:14 | 002,647,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\05153a9ff2b30a737faba58a3e88229c\System.Runtime.Serialization.ni.dll
MOD - [2011/10/12 12:55:43 | 000,317,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\6298828cba3cda0587dce31f24da69f3\SMSvcHost.ni.exe
MOD - [2011/10/12 12:36:54 | 001,782,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\bf5ca252df4083e6c48dc3e9f3273cf5\System.Xaml.ni.dll
MOD - [2011/10/12 11:41:59 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\1924bdaf130f882ceaf9d7b880602d22\System.Xml.ni.dll
MOD - [2011/10/12 11:41:52 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\096f1b3839e7d6dfe2598941329c08dc\System.Configuration.ni.dll
MOD - [2011/10/12 11:41:39 | 007,069,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\acf4f694ab9c0b1802e83e5cd726812f\System.Core.ni.dll
MOD - [2011/10/12 11:41:14 | 009,086,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\f477a17590634925c583632d171e2726\System.ni.dll
MOD - [2011/10/12 11:40:59 | 014,408,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll
MOD - [2011/09/03 00:00:12 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/02/24 01:57:18 | 000,555,112 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/10/25 14:13:50 | 000,109,472 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefoxExtn.dll
MOD - [2010/07/04 21:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/05/28 12:57:36 | 000,801,976 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\ContactsLib.dll
MOD - [2010/04/19 07:48:28 | 000,277,904 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\sqlite3.dll
MOD - [2009/08/25 16:51:10 | 000,155,320 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\mailprefs.dll
MOD - [2009/08/16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/06/25 14:40:04 | 000,977,080 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\MCore.dll
MOD - [2009/01/20 14:20:00 | 000,102,400 | ---- | M] () -- C:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
MOD - [2008/09/12 16:39:34 | 000,611,936 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\MailAnalysis.dll
MOD - [2006/03/09 14:38:56 | 000,155,648 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\ssleay32.dll
MOD - [2006/03/09 14:38:48 | 000,684,032 | ---- | M] () -- C:\Program Files\FireTrust\MailWasher Pro\libeay32.dll
MOD - [2003/05/23 14:15:48 | 000,024,621 | ---- | M] () -- C:\Program Files\WS_FTP Pro\nsftpch.dll
MOD - [2003/05/23 14:02:34 | 000,135,214 | ---- | M] () -- C:\Program Files\WS_FTP Pro\wsftplib.dll
MOD - [2003/05/23 14:01:42 | 000,049,197 | ---- | M] () -- C:\Program Files\WS_FTP Pro\wshosts.dll
MOD - [2003/03/20 10:01:32 | 000,839,680 | ---- | M] () -- C:\Program Files\WS_FTP Pro\libeay32.dll
MOD - [2003/03/20 10:01:32 | 000,159,744 | ---- | M] () -- C:\Program Files\WS_FTP Pro\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (StatusAgent)
SRV - File not found [Disabled | Stopped] -- -- (RichVideo)
SRV - File not found [Disabled | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (MySQL2)
SRV - File not found [Disabled | Stopped] -- -- (KService)
SRV - File not found [Disabled | Stopped] -- -- (EpsonBidirectionalService)
SRV - File not found [Disabled | Stopped] -- -- (EpsonBidirectionalAgent)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/14 15:37:12 | 001,479,488 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/05/17 09:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/11 13:44:44 | 000,112,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV - [2011/04/08 05:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/11/26 13:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/09/26 18:24:42 | 000,012,800 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/23 18:29:36 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2000/05/16 02:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)


========== Driver Services (SafeList) ==========

DRV - [2012/01/04 12:30:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EACB7702-1777-470D-8F33-E5308A97F5AF}\MpKsl65b34ef9.sys -- (MpKsl65b34ef9)
DRV - [2012/01/04 12:18:29 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EACB7702-1777-470D-8F33-E5308A97F5AF}\MpKsla559aea1.sys -- (MpKsla559aea1)
DRV - [2012/01/04 12:17:19 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EACB7702-1777-470D-8F33-E5308A97F5AF}\MpKslec3e77a5.sys -- (MpKslec3e77a5)
DRV - [2012/01/04 09:36:51 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EACB7702-1777-470D-8F33-E5308A97F5AF}\MpKsle9e742e5.sys -- (MpKsle9e742e5)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 15:58:43 | 000,059,096 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2011/11/23 20:45:42 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/10/13 16:33:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/05/03 15:33:46 | 006,404,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/11/06 21:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\STUFF\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/06/19 07:30:12 | 000,014,848 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b) Siliten HID Devices(FlexDef2b)
DRV - [2010/05/11 12:24:49 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/04/13 23:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/07/26 08:25:12 | 000,039,808 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/07/18 15:40:06 | 000,264,576 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/05/01 21:15:54 | 000,016,896 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2007/04/11 11:43:35 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/02/16 00:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/15 16:09:12 | 000,019,840 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\DaVinciDr.sysbolloxwhatsit -- (DaVinciDr)
DRV - [2006/12/13 19:02:22 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2006/11/29 04:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004/08/04 04:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.co.uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = www.google.co.uk
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://search.babylo...=browsersearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9c
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.6
FF - prefs.js..extensions.enabledItems: {0ac8a0b2-074e-407f-9742-e13b9e509c27}:1.3
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.5
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.http: ""
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.http_port: 0
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.socks: ""
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.socks_port: 0
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.ssl: ""
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.ssl_port: 0
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\HP_Owner\Application Data\Octoshape\Octoshape Streaming Services\sua-1010122-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/04/25 09:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 23:21:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 14:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/10 17:16:44 | 000,000,000 | ---D | M]

[2011/09/16 17:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2010/07/06 18:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/16 17:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\[email protected]
[2012/01/04 12:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions
[2011/03/15 17:29:48 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{0ac8a0b2-074e-407f-9742-e13b9e509c27}
[2011/08/05 18:37:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/15 14:01:15 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2011/09/15 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011/09/06 14:15:30 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/12/27 20:07:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/12 11:23:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/18 16:59:44 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\[email protected]
[2011/11/04 01:59:37 | 000,000,000 | ---D | M] (MAFIAAFire Redirector) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\[email protected]
[2011/10/15 14:01:14 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="Matthew David Kesack" em:description="Upload images from the web directly to your Photobucket account." em:homepageURL="http://www.photobucket.com/" em:iconURL="chrome://photobucket/content/images/pb-logo.png" em:id="[email protected]" em:name="Photobucket Uploader" em:version="1.3.3">) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\[email protected]
[2011/12/15 11:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\[email protected]
[2011/10/26 19:36:13 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\btjunkie.xml
[2011/12/28 18:37:45 | 000,006,404 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\gallica-bnf.xml
[2011/12/31 15:16:33 | 000,006,498 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\gutenberg.xml
[2011/04/30 14:54:41 | 000,012,703 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\imdb.xml
[2011/04/30 15:00:26 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\the-pirate-bay.xml
[2011/12/29 14:26:20 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\youtube-video-search.xml
[2012/01/04 12:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/27 09:56:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/09/15 12:28:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/04/25 09:30:00 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/09/15 12:28:28 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/02/01 17:00:05 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/04 12:12:15 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml

O1 HOSTS File: ([2012/01/03 17:29:40 | 000,005,649 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 spywar.com
O1 - Hosts: 127.0.0.1 123spywar.com
O1 - Hosts: 127.0.0.1 72.247.206.146
O1 - Hosts: 127.0.0.1 regnow.com
O1 - Hosts: 127.0.0.1 www.regnow.com
O1 - Hosts: 127.0.0.1 plimus.com
O1 - Hosts: 127.0.0.1 78.192.70.254 #moronic redirect
O1 - Hosts: 127.0.0.1 www.plimus.com
O1 - Hosts: 127.0.0.1 209.87.178.183
O1 - Hosts: 127.0.0.1 203.128.93.234
O1 - Hosts: 127.0.0.1 69.64.155.133
O1 - Hosts: 127.0.0.1 66.244.251.240 #ftp turd
O1 - Hosts: 127.0.0.1 66.244.192.0/18
O1 - Hosts: 127.0.0.1 BIGPIPEINC.COM
O1 - Hosts: 127.0.0.1 66.244.251.30
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O1 - Hosts: 127.0.0.1 www.voyages.netfirms.com
O1 - Hosts: 127.0.0.1 www.netfirms.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 128 more lines...
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\STUFF\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nousernameinstartmenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nosimplestartmenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nochangestartmenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: norecentdochistory = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: maxrecentdocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A1D0A68-C5F2-401A-81CD-EB6210573F1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70CD94B5-9D8C-486E-B8E8-3D3AFB6444E7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer = 15.243.128.51 15.243.160.51
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/09 20:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/05/15 12:34:42 | 000,000,000 | ---D | M] - G:\autorun -- [ NTFS ]
O33 - MountPoints2\{a9d5e89e-5821-11df-ba47-0018e770a587}\Shell - "" = AutoRun
O33 - MountPoints2\{a9d5e89e-5821-11df-ba47-0018e770a587}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 11:56:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
[2012/01/04 11:27:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\richard
[2012/01/03 19:05:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2012/01/03 16:14:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/31 17:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Secunia PSI
[2011/12/31 17:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/12/31 12:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2011/12/31 11:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\The KMPlayer
[2011/12/30 10:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2011/12/30 10:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/30 10:32:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/30 10:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/29 20:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\New Folder (2)
[2011/12/29 15:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Kindle hack
[2011/12/29 13:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\redsn0w
[2011/12/29 11:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\SystemSpeedBooster
[2011/12/29 11:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/12/29 11:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\SystemSpeedBooster
[2011/12/27 12:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kindle Collection Manager
[2011/12/27 12:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kindle Collection Manager
[2011/12/23 17:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/23 14:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/12/20 14:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\New Folder
[2011/12/19 22:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2011/12/19 22:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\DxO Labs
[2011/12/19 22:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DxO_Labs
[2011/12/19 22:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\DxO Optics Pro v7 logs
[2011/12/18 16:06:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}
[2011/12/11 17:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Spell Checker For OE 2.1
[2011/12/06 12:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\glasses_files
[2011/12/06 10:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Apowersoft
[2011/12/05 18:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyLanViewer
[2011/12/05 18:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\MyLanViewer
[2009/02/22 11:49:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.sys
[2007/06/01 13:06:15 | 000,047,616 | ---- | C] ( ) -- C:\WINDOWS\System32\Zipdll.dll

========== Files - Modified Within 30 Days ==========

[2012/01/04 13:10:56 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/01/04 11:55:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
[2012/01/04 09:57:36 | 000,419,246 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1201041732.TIF
[2012/01/04 09:41:03 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/04 09:38:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/04 09:38:06 | 004,074,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/04 09:36:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/03 22:54:34 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle (K).lnk
[2012/01/03 17:53:11 | 000,006,026 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20120103_175307.reg
[2012/01/03 17:29:40 | 000,005,649 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2012/01/03 17:29:40 | 000,005,649 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy of HOSTS
[2012/01/03 17:29:40 | 000,005,649 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy (3) of HOSTS
[2012/01/03 17:29:40 | 000,005,649 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy (2) of HOSTS
[2012/01/03 16:14:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/03 15:02:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/03 13:35:09 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/02 17:36:06 | 000,001,786 | --S- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/12/31 12:15:55 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/31 11:50:03 | 000,057,908 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20111231_114957.reg
[2011/12/31 09:37:48 | 000,507,216 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/31 09:37:48 | 000,090,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/30 22:14:55 | 006,323,796 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\social_engineering_hadnagy_christopher.epub
[2011/12/30 20:44:31 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle (G).lnk
[2011/12/30 19:57:54 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Hallmark Card Studio 2009.exe.lnk
[2011/12/30 19:27:02 | 000,001,170 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\WD Passport.lnk
[2011/12/30 11:01:37 | 000,167,096 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\scan.pdf
[2011/12/30 11:00:02 | 006,394,058 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\scan.jpg
[2011/12/30 10:55:02 | 006,083,675 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\2Scan-111230-0001.jpg
[2011/12/29 23:28:46 | 000,060,795 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\sad dog.jpeg
[2011/12/29 23:23:15 | 000,066,799 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\8_big.jpg
[2011/12/29 15:11:09 | 000,032,834 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1112293036.TIF
[2011/12/29 15:10:36 | 000,032,834 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\1112293036.TIF
[2011/12/19 22:41:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/18 16:06:08 | 000,034,704 | ---- | M] () -- C:\WINDOWS\syscall.dat
[2011/12/18 10:32:58 | 000,048,948 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20111218_103254.reg
[2011/12/18 10:27:52 | 000,001,646 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle.lnk
[2011/12/17 13:45:47 | 000,000,124 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/12/14 12:35:02 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 11:45:53 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\KINGSTON (G).lnk
[2011/12/13 16:26:39 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\STICK (G).lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/08 16:45:31 | 000,165,890 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\eye clinic 12-2011.pdf
[2011/12/06 12:33:48 | 000,012,531 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\glasses.htm

========== Files Created - No Company Name ==========

[2012/01/04 09:57:35 | 000,419,246 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1201041732.TIF
[2012/01/04 09:41:33 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/01/04 09:36:16 | 004,074,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/03 22:54:34 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle (K).lnk
[2012/01/03 17:53:09 | 000,006,026 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20120103_175307.reg
[2012/01/03 16:14:07 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/01/03 13:33:08 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/31 11:49:59 | 000,057,908 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20111231_114957.reg
[2011/12/30 22:15:15 | 006,323,796 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\social_engineering_hadnagy_christopher.epub
[2011/12/30 19:57:54 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Hallmark Card Studio 2009.exe.lnk
[2011/12/30 11:01:37 | 000,167,096 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\scan.pdf
[2011/12/30 10:59:55 | 006,394,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\scan.jpg
[2011/12/30 10:54:56 | 006,083,675 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\2Scan-111230-0001.jpg
[2011/12/29 23:28:46 | 000,060,795 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\sad dog.jpeg
[2011/12/29 23:23:11 | 000,066,799 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\8_big.jpg
[2011/12/29 15:11:09 | 000,032,834 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1112293036.TIF
[2011/12/29 15:10:36 | 000,032,834 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\1112293036.TIF
[2011/12/25 16:58:04 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle (G).lnk
[2011/12/20 01:51:58 | 000,719,890 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/18 10:32:57 | 000,048,948 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20111218_103254.reg
[2011/12/14 11:45:53 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\KINGSTON (G).lnk
[2011/12/13 16:26:39 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\STICK (G).lnk
[2011/12/08 16:45:31 | 000,165,890 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\eye clinic 12-2011.pdf
[2011/12/06 12:33:47 | 000,012,531 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\glasses.htm
[2011/11/16 23:32:43 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/11/16 23:32:43 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/11/16 23:32:43 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/11/12 19:05:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/11/02 16:48:10 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\llftool.4.12.agreement
[2011/10/14 11:55:10 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\KeDetective130.sys
[2011/10/05 20:33:56 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2011/09/17 18:40:09 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/09/17 17:52:32 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/17 17:52:32 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/17 17:52:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/29 10:31:51 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/05 19:52:15 | 000,003,620 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\PassportPhotoStudio
[2011/04/30 13:18:39 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2011/04/30 13:18:39 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\UserFlag.ini
[2010/12/11 14:22:58 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/11/08 21:32:12 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\winscp.rnd
[2010/10/03 11:58:34 | 000,000,391 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/08/29 09:30:15 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Images.fl
[2010/07/31 20:23:13 | 000,000,235 | ---- | C] () -- C:\WINDOWS\teleprompt.ini
[2010/07/13 17:40:56 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/06/26 11:08:38 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\msadio.dll
[2010/05/22 22:00:19 | 000,160,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp_.bin
[2010/04/21 08:05:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hdd.ini
[2010/04/01 17:51:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2010/02/18 12:50:16 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\DCLibrary_nat.dll
[2010/02/08 14:04:33 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\ducon.xml
[2010/01/27 23:57:34 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\ducon1.xml
[2010/01/27 23:53:13 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\users.xml
[2010/01/27 23:52:50 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/01/04 16:35:58 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Aurora MPEG To DVD.INI
[2010/01/04 16:11:56 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/12/31 17:55:49 | 000,445,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/21 09:55:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\oeattach.dll
[2009/12/08 21:43:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/03 17:01:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/09/17 10:20:50 | 000,416,824 | ---- | C] () -- C:\WINDOWS\System32\[bleep] - pwNative.exe
[2009/09/17 10:20:49 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\[bleep] - pwdrvio.sys
[2009/09/17 10:20:49 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\[bleep] - pwdspio.sys
[2009/08/26 12:28:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MAS
[2009/08/26 12:28:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Displays
[2009/08/17 09:09:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RBRegEx350.dll
[2009/08/17 09:09:37 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\LP0310.dll
[2009/08/17 09:09:37 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2009/08/17 09:09:37 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\MBSPlugin.DLL
[2009/08/17 09:09:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RBShell400.dll
[2009/08/17 09:09:37 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\MBSRegistryPlugin.DLL
[2009/08/17 09:09:37 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\MBSFolderPlugin.DLL
[2009/08/17 09:09:37 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\MBSMacTTPlugin.DLL
[2009/08/17 09:09:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\LP0301Gestalt.dll
[2009/08/17 09:09:37 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\MBSRegPlugin.DLL
[2009/08/17 09:09:37 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\LP0301ResFork.dll
[2009/08/17 09:09:37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\LP0301LinkFile.dll
[2009/07/31 12:38:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/06/22 11:11:41 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/06/11 15:10:44 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/06/11 13:39:40 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/09 12:05:26 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/06/05 15:27:29 | 000,005,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyrbollox
[2009/06/04 19:17:34 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\vso_ts_preview.xml
[2009/04/30 13:20:38 | 000,000,990 | --S- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\systemfl.$dk
[2009/04/27 23:07:55 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2009/04/24 17:32:05 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System32\FOLESVR.DLL
[2009/04/10 18:36:55 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\Days5.ini
[2009/03/23 11:52:28 | 000,000,121 | ---- | C] () -- C:\WINDOWS\winzipme.ini
[2009/03/23 11:51:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\addurl41.DLL
[2009/03/23 11:51:15 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\winwatch.DLL
[2009/03/10 14:46:52 | 000,000,228 | ---- | C] () -- C:\WINDOWS\System32\edacded0_x.dat
[2009/03/05 10:37:26 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\wmpeq10.dll
[2009/03/05 10:37:25 | 002,179,072 | ---- | C] () -- C:\WINDOWS\System32\eq10core.dll
[2009/03/05 10:37:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ospitray.exe
[2009/02/22 11:49:56 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.cat
[2009/02/22 11:49:56 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.inf
[2009/02/16 00:47:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2009/02/16 00:45:59 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/02/10 17:06:45 | 004,762,112 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2009/01/21 17:07:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/05 23:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI
[2009/01/05 23:09:19 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2008/12/17 15:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/11/14 18:57:11 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/11/04 19:02:16 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/10/28 15:33:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/10/25 17:12:14 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\inst.exe
[2008/10/24 09:36:07 | 000,000,079 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2008/10/24 09:34:53 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.datbollox
[2008/10/24 09:34:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.datbollox
[2008/09/13 13:40:03 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/09/03 09:20:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\RpDays.ini
[2008/08/18 12:10:48 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdfeditor.dat
[2008/08/14 18:24:54 | 003,657,728 | ---- | C] () -- C:\WINDOWS\System32\mkl_wavearts.dll
[2008/08/07 17:47:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\OPDIRDEL.exe
[2008/08/07 12:38:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/08/06 15:07:06 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2008/07/10 22:32:51 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2008/07/10 21:52:04 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/07/09 18:24:12 | 000,000,235 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/07/09 18:24:12 | 000,000,049 | ---- | C] () -- C:\WINDOWS\ukid.INI
[2008/07/09 18:24:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Setup_ck.exe
[2008/07/09 18:24:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/07/09 18:24:09 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/07/09 18:24:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/07/03 13:02:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/05/11 11:43:09 | 000,011,114 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MainApp.dll
[2008/04/17 12:26:10 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Salut et Fraternite
[2008/04/07 18:08:50 | 000,000,004 | R-S- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl0.dat
[2008/04/06 18:11:48 | 000,000,100 | ---- | C] () -- C:\WINDOWS\ProductKeyExplorer.INI
[2008/03/27 17:56:32 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2008/03/27 17:56:32 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2008/03/25 13:58:42 | 000,000,031 | ---- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2008/03/25 12:10:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WT12sptlEN.INI
[2008/03/24 11:25:14 | 000,000,056 | R-S- | C] () -- C:\WINDOWS\System32\A5B17BFFE2.sys
[2008/03/23 17:18:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\MIDI Drivers
[2008/03/23 17:18:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Mallets
[2008/03/23 17:18:42 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Synth Leads
[2008/03/23 16:07:28 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/03/20 18:32:29 | 000,003,350 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sysbollox
[2008/03/20 18:32:29 | 000,000,088 | R-S- | C] () -- C:\Documents and Settings\All Users\Application Data\7577757C02.sysbollox
[2008/03/03 16:11:56 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2IMG.dat
[2008/02/18 19:21:30 | 000,000,045 | ---- | C] () -- C:\WINDOWS\dhp_2545.dat
[2008/02/17 13:16:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS1U.DLL
[2008/02/17 12:25:39 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2F.DLL
[2008/01/31 23:55:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\System32\OSENXPSUITE2005.INI
[2008/01/28 17:48:45 | 000,000,256 | ---- | C] () -- C:\WINDOWS\onlineeye.INI
[2008/01/27 10:55:29 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\sentinel.sysbollox
[2008/01/27 10:55:29 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\drivers\enport.sysbollox
[2007/12/10 09:02:20 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/12/10 00:01:19 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe.vir
[2007/12/05 22:20:01 | 000,008,194 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\atrans.bin
[2007/11/30 14:53:15 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2007/11/24 17:55:07 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2007/10/29 20:30:06 | 000,000,004 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2007/10/25 16:30:04 | 000,008,575 | ---- | C] () -- C:\WINDOWS\System32\D125UFW.INI
[2007/10/03 18:59:01 | 000,000,205 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2007/09/25 13:09:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\PUTTY.RND
[2007/09/22 10:36:16 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2007/09/15 18:35:45 | 000,003,982 | ---- | C] () -- C:\WINDOWS\87t98.sys
[2007/09/15 18:35:45 | 000,000,112 | ---- | C] () -- C:\WINDOWS\cd-lock.ini
[2007/09/14 11:15:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\msvcrt88.dll
[2007/09/14 11:09:25 | 000,000,070 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2007/09/14 11:09:09 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2word.dat
[2007/09/14 11:03:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2html.DAT
[2007/09/14 11:02:38 | 000,000,145 | ---- | C] () -- C:\WINDOWS\PDF2HTML.INI
[2007/09/14 09:55:30 | 000,101,159 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/09/14 09:55:30 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/09/14 09:55:30 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/09/14 09:55:30 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/09/14 09:55:30 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/09/14 09:55:30 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/09/14 09:55:30 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/09/14 09:55:30 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/09/14 09:55:30 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/09/14 09:55:30 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/09/14 09:55:30 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/09/14 09:55:30 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/09/14 09:55:30 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/09/14 09:55:30 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/09/14 09:55:30 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/09/14 09:55:30 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/09/14 09:55:30 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/09/14 09:54:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE R240R245EU.ini
[2007/09/14 08:05:12 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\SHW32.DLL
[2007/09/14 08:05:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
[2007/09/14 08:05:12 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\pixpnr.dll
[2007/09/14 08:05:12 | 000,002,016 | ---- | C] () -- C:\WINDOWS\System32\sg5w30.dll
[2007/09/14 08:05:11 | 000,214,899 | ---- | C] () -- C:\WINDOWS\System32\aplib2.dll
[2007/09/14 08:05:11 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\epsn.dll
[2007/09/14 08:05:11 | 000,034,144 | ---- | C] () -- C:\WINDOWS\System32\aplib1.dll
[2007/09/14 08:05:11 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\pixpcz.dll
[2007/09/14 08:05:11 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\accupage.dll
[2007/09/13 18:18:35 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2007/09/13 18:18:34 | 000,009,948 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2007/09/09 16:22:20 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI
[2007/09/09 15:49:57 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\W7409A4F3207fd2F2.bin
[2007/09/03 22:24:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\SWIFTREC.INI
[2007/09/03 10:27:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\explore256.dllbollox
[2007/09/02 11:45:27 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2007/09/02 11:45:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2007/08/19 17:25:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sysbollox
[2007/08/16 07:54:38 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\ezpinst.exe
[2007/08/09 09:30:14 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2007/08/09 09:30:14 | 000,000,604 | ---- | C] () -- C:\Program Files\STLL Notifier
[2007/07/29 18:53:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2007/07/29 16:30:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS47.DLL
[2007/07/26 08:25:14 | 000,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/07/26 08:25:08 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2007/07/26 08:25:08 | 000,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2007/07/26 08:25:06 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2007/07/23 11:49:16 | 000,190,512 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/07/22 13:14:23 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007/07/21 12:01:46 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2007/07/21 11:50:42 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2007/07/21 11:50:10 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngine2.SYS
[2007/06/13 11:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/06/01 13:06:15 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Zipit.dll
[2007/05/31 15:56:13 | 000,440,832 | ---- | C] () -- C:\WINDOWS\rapidui.exe
[2007/05/27 16:42:49 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2007/05/27 16:30:43 | 000,000,197 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/05/25 17:51:56 | 000,000,731 | ---- | C] () -- C:\WINDOWS\Fantastic Flame Screensaver.ini
[2007/05/18 15:56:51 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\dxl.dat
[2007/05/17 12:33:58 | 000,000,102 | ---- | C] () -- C:\WINDOWS\pu32i.ini
[2007/04/29 18:33:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/04/27 17:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
[2007/04/27 13:58:36 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/04/27 13:58:27 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/04/27 13:55:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/04/27 13:55:11 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/04/27 13:54:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/04/22 10:55:21 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/04/18 16:41:17 | 000,000,660 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/11 16:46:16 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/04/11 16:46:15 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/04/11 16:46:15 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/04/01 23:02:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2007/03/28 14:11:45 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2007/03/28 14:11:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2007/03/28 14:11:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2007/03/24 17:30:26 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/24 16:39:01 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/23 13:50:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/03/23 09:40:20 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2007/03/22 23:27:28 | 000,000,124 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/03/22 16:24:36 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2007/03/22 12:22:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2007/03/21 09:04:37 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\PFP120JPR.{PB
[2007/03/21 09:04:37 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\PFP120JCM.{PB
[2007/03/21 09:03:11 | 000,001,786 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/21 08:52:24 | 000,000,630 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/20 23:01:39 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2007/03/20 16:08:45 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2007/03/20 14:33:21 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2007/03/20 14:28:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2007/03/20 14:28:09 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2007/03/20 14:27:38 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2007/03/20 13:35:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/28 08:03:02 | 001,366,104 | ---- | C] () -- C:\WINDOWS\System32\ltwen14n.dll
[2006/12/15 16:09:12 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\DaVinciDr.sysbolloxwhatsit
[2006/11/02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/07/24 05:37:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Tao.Platform.Windows.dll
[2006/07/24 05:36:26 | 002,441,216 | ---- | C] () -- C:\WINDOWS\System32\Tao.OpenGl.dll
[2006/04/03 07:41:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Zip.dll
[2005/05/09 23:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/02/05 19:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2005/01/02 12:00:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/02 11:39:28 | 000,016,358 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/01/02 11:39:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/01/02 11:30:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/01/02 11:16:28 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/01/02 10:59:46 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/01/02 10:56:10 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/01/02 10:56:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/01/02 10:55:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/11/09 20:39:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/09 20:25:42 | 000,507,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/09 20:25:42 | 000,090,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/09 20:19:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/09 20:17:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/08 07:15:38 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\Codejock.CommandBars.9510.lic
[2004/08/04 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/25 02:10:06 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/05 05:22:25 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\msddlhas.dll
[2002/05/12 15:02:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\accesspv.dll
[2002/03/21 13:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/23 23:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/01 14:18:16 | 000,029,600 | ---- | C] () -- C:\WINDOWS\System32\mxntdfg.exe
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/01/07 00:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/07 00:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2007/10/14 12:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2007/04/11 11:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2011/07/22 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/27 23:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/01/03 14:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/02/10 16:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bassic Technologies
[2010/07/27 21:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2010/11/28 17:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2007/11/29 15:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Droppix
[2011/03/28 10:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DShield
[2011/03/28 11:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDRanger
[2009/01/01 13:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eboostr
[2008/07/03 13:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/11/14 10:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009/03/19 12:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Iceni
[2011/12/31 12:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/09/16 15:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2007/11/04 17:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laconic Software
[2008/10/19 19:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/07/29 08:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009/03/06 22:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mixesoft
[2009/11/24 15:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2010/09/30 23:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/05/27 11:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2008/11/14 18:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PacketTrap Networks
[2008/10/09 07:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PaperlessPrinter Data
[2009/09/26 13:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2011/04/25 09:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/10/03 11:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/22 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/01/15 17:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Serif
[2007/09/25 17:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline
[2011/08/28 09:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/12/19 22:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2008/09/13 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
[2009/09/03 15:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2007/09/01 15:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2011/01/03 10:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STDUConverter
[2011/12/29 11:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2012/01/03 14:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/27 09:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackLogs
[2011/10/16 14:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/09/17 19:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/07/03 13:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/03/20 13:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/25 16:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
[2009/04/02 10:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VSO
[2007/12/27 19:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/02/27 16:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Watermark Factory
[2011/12/23 15:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/08/30 14:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/08/30 14:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2009/07/25 23:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WNR
[2010/09/30 23:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2011/12/18 16:06:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}
[2009/10/22 15:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2EF4F8EB-1FF3-45C7-93BC-054FBE99D9E2}
[2011/10/16 14:20:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010/10/19 17:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/19 07:34:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/09/22 10:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/26 14:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/19 13:01:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/01/04 13:10:56 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012/01/04 13:02:44 | 000,032,242 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 11:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 00:00:07 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 00:00:07 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 00:00:07 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 00:00:10 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 00:00:10 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 00:00:10 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/06/04 11:15:16 | 002,387,768 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/06/04 11:15:16 | 002,387,768 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/06/04 11:15:16 | 002,387,768 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/06/04 11:15:16 | 002,387,768 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/03 00:00:07 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/03 00:00:07 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/03 00:00:07 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/03 00:00:10 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/03 00:00:10 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/03 00:00:10 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/06/04 11:15:16 | 002,387,768 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/06/04 11:15:16 | 002,387,768 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/06/04 11:15:16 | 002,387,768 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/06/04 11:15:16 | 002,387,768 | ---- | M] (Apple Inc.)

========== Files - Unicode (All) ==========
[2008/07/16 13:09:20 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?˝) -- C:\WINDOWS\System32\˝
[2008/07/10 08:57:10 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?˝) -- C:\WINDOWS\System32\˝

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wuweb.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\cdintf251.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\explore256.dllbollox:SummaryInformation
@Alternate Data Stream - 72 bytes -> C:\WINDOWS:241D7D5958580AAB
@Alternate Data Stream - 384 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 368 bytes -> C:\Documents and Settings\HP_Owner\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 324 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AAB2E68
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5760A8B
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93C2F41D
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D43E156
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0574215C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D95ACC7D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B013599
@Alternate Data Stream - 1223 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:sZG6btm8sNvtGbhyFoFc
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 1133 bytes -> C:\Program Files\Outlook Express:IkktNRZxNmvxl2zcHPLdkE
@Alternate Data Stream - 1133 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:IyCycU393Fg3Ez53YHxliuR
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FD2AC7E
@Alternate Data Stream - 1097 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:pG1RrPbyIQkHrAbtrgsANncM9wv
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 1016 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:snSwEzxZjOLL9CgDl7r7VLOojD

< End of report >
  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi martin1981,

Let's remove some findings.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{a9d5e89e-5821-11df-ba47-0018e770a587}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9d5e89e-5821-11df-ba47-0018e770a587}\Shell\AutoRun - "" = Auto&Play
    [2009/06/05 15:27:29 | 000,005,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyrbollox
    [2008/07/16 13:09:20 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?½) -- C:\WINDOWS\System32\½
    [2008/07/10 08:57:10 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?½) -- C:\WINDOWS\System32\½
    @Alternate Data Stream - 72 bytes -> C:\WINDOWS:241D7D5958580AAB
    @Alternate Data Stream - 368 bytes -> C:\Documents and Settings\HP_Owner\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
    @Alternate Data Stream - 1223 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:sZG6btm8sNvtGbhyFoFc
    @Alternate Data Stream - 1133 bytes -> C:\Program Files\Outlook Express:IkktNRZxNmvxl2zcHPLdkE
    @Alternate Data Stream - 1133 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:IyCycU393Fg3Ez53YHxliuR
    @Alternate Data Stream - 1097 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:pG1RrPbyIQkHrAbtrgsANncM9wv
    @Alternate Data Stream - 1016 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:snSwEzxZjOLL9CgDl7r7VLOojD

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2


Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 4

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply
Step 5


Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in separate post
  • 0

#6
martin1981

martin1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hello,

Many thanks for your help.
Big problem, however.

The OTL Fix worked fine, log below.
But ...

ComboFix will not run properly.

I did disable all firewall / antivirus / antimalware / antilogger at startup, disabled their services with services.msc, and ran ComboFix from desktop as instructed.
It installed itself, backed up the registry etc, then stalled at "scanning for infected files". I hadn't moved the mouse or touched the keyboard.
After a very long time (well over an hour), I switched off.
I re-enabled all the anti things, then immediately as the internet connection was established the attempted redirects to 78.192.70.254 started.
On the off chance, I ran Tdsskiller, which did not report anything. Its only effect was to cause a whole string of attempted redirects when I launched it.

==============
OTLFix log
==============

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9d5e89e-5821-11df-ba47-0018e770a587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9d5e89e-5821-11df-ba47-0018e770a587}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9d5e89e-5821-11df-ba47-0018e770a587}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9d5e89e-5821-11df-ba47-0018e770a587}\ not found.
C:\Documents and Settings\All Users\Application Data\ypkpiykb.yyrbollox moved successfully.
C:\WINDOWS\System32\˝ folder moved successfully.
Folder C:\WINDOWS\System32\˝\ not found.
ADS C:\WINDOWS:241D7D5958580AAB deleted successfully.
ADS C:\Documents and Settings\HP_Owner\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:sZG6btm8sNvtGbhyFoFc deleted successfully.
ADS C:\Program Files\Outlook Express:IkktNRZxNmvxl2zcHPLdkE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:IyCycU393Fg3Ez53YHxliuR deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:pG1RrPbyIQkHrAbtrgsANncM9wv deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:snSwEzxZjOLL9CgDl7r7VLOojD deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: ASPNET

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HelpAssistant

User: HP_Owner
->Temp folder emptied: 2988085 bytes
->Temporary Internet Files folder emptied: 215954 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 117637798 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 5225 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: SUPPORT_388945a0

User: SUPPORT_fddfa904

User: UpdatusUser

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 110610 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 115.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01052012_095850

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Please try to run aswMBR and post log. Then restart your PC to Safe Mode and try to run Combofix from there.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

  • 0

#8
martin1981

martin1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hello again,

aswmbr went OK, log below.
mbr.zip attached as requested

Still problem running ComboFix
I uninstalled ComboFix no problem (ComboFix /uninstall) and downloaded a fresh copy, just in case.
Went to safe mode, ran ComboFix which stalled at exactly the same place -waited about 2 hours, stuck at "scanning for infected files".

Now it won't let me uninstall ComboFix.
I get the dreaded window "Windows cannot find ComboFix, make sure etc etc etc"
I tried the uninstall both in safe mode and normal mode.

ComboFix is on my desktop (size 4.16 MB (4,370,492 bytes)

EDIT - I clicked again on the RUN box and ComboFix uninstalled itself. The mind boggles.

----
----
aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-05 14:53:46
-----------------------------
14:53:46.046 OS Version: Windows 5.1.2600 Service Pack 3
14:53:46.046 Number of processors: 2 586 0x404
14:53:46.046 ComputerName: UNIX UserName:
14:53:56.015 Initialize success
14:54:09.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
14:54:09.828 Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
14:54:09.828 Disk 0 MBR read successfully
14:54:09.828 Disk 0 MBR scan
14:54:09.843 Disk 0 unknown MBR code
14:54:09.843 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6142 MB offset 63
14:54:09.859 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 184640 MB offset 12578895
14:54:09.859 Disk 0 scanning sectors +390721968
14:54:10.375 Disk 0 scanning C:\WINDOWS\system32\drivers
14:54:16.765 Service scanning
14:54:18.843 Service MpKslc96b57c2 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD038891-C4A7-4287-82E9-DF269E2764E6}\MpKslc96b57c2.sys **LOCKED** 32
14:54:19.484 Modules scanning
14:55:11.296 Disk 0 trace - called modules:
14:55:11.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
14:55:11.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a621ab8]
14:55:11.828 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8a69c5a8]
14:55:11.828 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a5e1d98]
14:55:11.828 Scan finished successfully
14:55:25.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\MBR.dat"
14:55:25.906 The log file has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   596bytes   23 downloads

Edited by martin1981, 05 January 2012 - 12:19 PM.

  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Leave Combofix for now. Let's try VRT scan and get some more info. This scan can take a while so please be patient.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun Virus Removal Tool and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#10
martin1981

martin1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hello again and many thanks for your assistance.

I ran the Kaspersky program overnight, but it only picked up, deleted 3 and quarantined 1 false positives.
The attempted redirects carry on.

Isn't there a utility to catch the nasty thing in real time, since it always happens when I start a .exe file?
I have used tcpview, procmon, regmon, autoruns, filemon, process explorer from Sysinternals, and wirehack but none of them could intercept the malware. It only points out which program (for example iexplore, tdsskiller etc) is attacked by the malware at the time.
My .exe files have not been altered as I have checked the hash values with the same files on the net and on my laptop (infected PC being a desktop).

Anyway, Kaskersky logs attached.
In the avptool file, Kaspersky detected 3 suspicious objects. I think that 2 of them are their own drivers [2954298drv.sys] from VRT installation.

Best regards

Martin

Attached Files


  • 0

Advertisements


#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
VRT removed some malware so let's try to do Combofix log again. Just delete (don't have to uninstal it jet) your version and download new one on your desktop.

Step 1

Delete the combofix copy you have on your Desktop

Download Combofix from any of the links below but rename it to explorer.com before saving it to your Desktop.

Link 1
Link 2
Link 3

==================================

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\explorer.com" /killall


When finished, it will produce a report for you.
Please post the C:\ComboFix.txt so we can continue cleaning the system.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the "Scan All User" checkbox
  • Change "Extra Registry" option to "SafeList"
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this files, and post it with your next reply.
Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • Combofix log
It would be helpful if you could post each log in separate post
  • 0

#12
martin1981

martin1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Good evening,

Problems galore.
Links 1 and 3 don't work
Link 2 allows me to save under a different name but insists on adding .exe to explorer.com, giving me explorer.com.exe
I tried with explorer.scr, but got explorer.scr.exe

In the end, I saved under a random .exe name which I used instead of explorer.com in the command line.

( I had disabled all anti malwares, and closed all files)
It installed itself promptly and asked me to install a ComboFix update which I thought would defeat the object of having a different name.
I carried on without updating and after a short bit of churning, the computer froze, showing me the cmd icon on the lower taskbar.

I switched off, restarted, uninstalled and re-downloaded, went off-line and ran again from the command box. Again same freeze within seconds.

Restart again, then I noticed that the folders options had been reset to default.
Fearing other things might have happened, I tried to do a restore but all the restore points had been wiped and a new one just created.

C:\ComboFix.txt was not created.

It seems that something does not like ComboFix under any form in my PC

I must go and eat now, then I will go to bed.

Good night

Martin
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Do Step 2 and post log when scan finishes. Meanwhile I'll do some research and get back to you.
  • 0

#14
martin1981

martin1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Good morning,

OTL log below as requested.
Extras on the next post, for easier reading.

Please note that errors show that MS updates is switched off. This is deliberate. I am aware that MS issue their updates the second Tuesday of every month. I collect them on the Wednesday morning, then switch on about once a week rather than having the update service calling home all the time.

-----
-----
OTL logfile created on: 07/01/2012 10:03:30 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 56.54% Memory free
3.60 Gb Paging File | 3.12 Gb Available in Paging File | 86.61% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.31 Gb Total Space | 115.09 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 2.09 Gb Free Space | 34.98% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 72.39 Gb Free Space | 48.57% Space Free | Partition Type: NTFS

Computer Name: UNIX | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 11:55:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/28 15:58:39 | 002,976,200 | ---- | M] (Zemana Ltd.) -- C:\Program Files\AntiLogger\AntiLogger.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/06 21:24:30 | 001,867,888 | ---- | M] (PeerBlock, LLC) -- C:\STUFF\PeerBlock\peerblock.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 14:14:08 | 018,058,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e5f8e311d5fbef90d3f6f641e893d898\System.ServiceModel.ni.dll
MOD - [2011/10/12 14:10:54 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7a684c3b60526afb62a0969ada9c94cd\System.ServiceProcess.ni.dll
MOD - [2011/10/12 14:10:18 | 001,021,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\df89410d8f28b685778b11afe075c80d\System.Runtime.DurableInstancing.ni.dll
MOD - [2011/10/12 14:10:16 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\e3135e7811b6403f9cdfb759a339924c\SMDiagnostics.ni.dll
MOD - [2011/10/12 14:10:14 | 002,647,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\05153a9ff2b30a737faba58a3e88229c\System.Runtime.Serialization.ni.dll
MOD - [2011/10/12 12:55:43 | 000,317,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\6298828cba3cda0587dce31f24da69f3\SMSvcHost.ni.exe
MOD - [2011/10/12 12:36:54 | 001,782,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\bf5ca252df4083e6c48dc3e9f3273cf5\System.Xaml.ni.dll
MOD - [2011/10/12 11:41:59 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\1924bdaf130f882ceaf9d7b880602d22\System.Xml.ni.dll
MOD - [2011/10/12 11:41:52 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\096f1b3839e7d6dfe2598941329c08dc\System.Configuration.ni.dll
MOD - [2011/10/12 11:41:39 | 007,069,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\acf4f694ab9c0b1802e83e5cd726812f\System.Core.ni.dll
MOD - [2011/10/12 11:41:14 | 009,086,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\f477a17590634925c583632d171e2726\System.ni.dll
MOD - [2011/10/12 11:40:59 | 014,408,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll
MOD - [2011/02/24 01:57:18 | 000,555,112 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/07/04 21:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/08/16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/01/20 14:20:00 | 000,102,400 | ---- | M] () -- C:\Program Files\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
MOD - [2003/05/23 14:15:48 | 000,024,621 | ---- | M] () -- C:\Program Files\WS_FTP Pro\nsftpch.dll
MOD - [2003/05/23 14:02:34 | 000,135,214 | ---- | M] () -- C:\Program Files\WS_FTP Pro\wsftplib.dll
MOD - [2003/05/23 14:01:42 | 000,049,197 | ---- | M] () -- C:\Program Files\WS_FTP Pro\wshosts.dll
MOD - [2003/03/20 10:01:32 | 000,839,680 | ---- | M] () -- C:\Program Files\WS_FTP Pro\libeay32.dll
MOD - [2003/03/20 10:01:32 | 000,159,744 | ---- | M] () -- C:\Program Files\WS_FTP Pro\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (StatusAgent)
SRV - File not found [Disabled | Stopped] -- -- (RichVideo)
SRV - File not found [Disabled | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- -- (NMSAccess)
SRV - File not found [On_Demand | Stopped] -- -- (MySQL2)
SRV - File not found [Disabled | Stopped] -- -- (KService)
SRV - File not found [Disabled | Stopped] -- -- (EpsonBidirectionalService)
SRV - File not found [Disabled | Stopped] -- -- (EpsonBidirectionalAgent)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/14 15:37:12 | 001,479,488 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/05/17 09:40:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/11 13:44:44 | 000,112,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®
SRV - [2011/04/08 05:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2007/11/26 13:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/09/26 18:24:42 | 000,012,800 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/23 18:29:36 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2001/08/09 02:01:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2000/05/16 02:00:00 | 000,060,416 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\WINDOWS\system32\E_S00RP2.EXE -- (EPSON_PM_RPCV2_02) EPSON V3 Service2(02)


========== Driver Services (SafeList) ==========

DRV - [2012/01/07 09:43:28 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BC990AC-F30B-4067-81FE-D51DCA0276C6}\MpKsl795eabad.sys -- (MpKsl795eabad)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 15:58:43 | 000,059,096 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Program Files\AntiLogger\AntiLog32.sys -- (AntiLog32)
DRV - [2011/11/23 20:45:42 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/10/13 16:33:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/05/03 15:33:46 | 006,404,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/11/06 21:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Running] -- C:\STUFF\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/06/19 07:30:12 | 000,014,848 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b) Siliten HID Devices(FlexDef2b)
DRV - [2010/05/11 12:24:49 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/04/13 23:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/07/26 08:25:12 | 000,039,808 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/07/18 15:40:06 | 000,264,576 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2007/05/01 21:15:54 | 000,016,896 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2007/04/11 11:43:35 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/02/16 00:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/12/15 16:09:12 | 000,019,840 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\DaVinciDr.sysbolloxwhatsit -- (DaVinciDr)
DRV - [2006/12/13 19:02:22 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2006/11/29 04:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004/08/04 04:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.co.uk


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.co.uk
IE - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.co.uk
IE - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
IE - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = www.google.co.uk
IE - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = www.google.co.uk
IE - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://search.babylo...=browsersearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9c
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.6
FF - prefs.js..extensions.enabledItems: {0ac8a0b2-074e-407f-9742-e13b9e509c27}:1.3
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.5
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.http: ""
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.http_port: 0
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.socks: ""
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.socks_port: 0
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.ssl: ""
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.ssl_port: 0
FF - prefs.js..extensions.serviceCapture.settings.network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\HP_Owner\Application Data\Octoshape\Octoshape Streaming Services\sua-1010122-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/04/25 09:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/02 23:21:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 14:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/10 17:16:44 | 000,000,000 | ---D | M]

[2011/09/16 17:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2010/07/06 18:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/16 17:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\[email protected]
[2012/01/06 13:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions
[2011/03/15 17:29:48 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{0ac8a0b2-074e-407f-9742-e13b9e509c27}
[2011/08/05 18:37:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/15 14:01:15 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2011/09/15 12:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011/09/06 14:15:30 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012/01/05 12:56:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/12 11:23:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/02/18 16:59:44 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\[email protected]
[2011/11/04 01:59:37 | 000,000,000 | ---D | M] (MAFIAAFire Redirector) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\[email protected]
[2011/10/15 14:01:14 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:creator="Matthew David Kesack" em:description="Upload images from the web directly to your Photobucket account." em:homepageURL="http://www.photobucket.com/" em:iconURL="chrome://photobucket/content/images/pb-logo.png" em:id="[email protected]" em:name="Photobucket Uploader" em:version="1.3.3">) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\[email protected]
[2011/12/15 11:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\extensions\[email protected]
[2011/12/28 18:37:45 | 000,006,404 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\gallica-bnf.xml
[2011/12/31 15:16:33 | 000,006,498 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\gutenberg.xml
[2011/04/30 14:54:41 | 000,012,703 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\imdb.xml
[2011/12/29 14:26:20 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\dumjqzdw.default\searchplugins\youtube-video-search.xml
[2012/01/06 13:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/27 09:56:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/09/15 12:28:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/04/25 09:30:00 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/09/15 12:28:28 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/12 16:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010/02/01 17:00:05 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/04 12:12:15 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml

O1 HOSTS File: ([2012/01/03 17:29:40 | 000,005,649 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 spywar.com
O1 - Hosts: 127.0.0.1 123spywar.com
O1 - Hosts: 127.0.0.1 72.247.206.146
O1 - Hosts: 127.0.0.1 regnow.com
O1 - Hosts: 127.0.0.1 www.regnow.com
O1 - Hosts: 127.0.0.1 plimus.com
O1 - Hosts: 127.0.0.1 78.192.70.254 #moronic redirect
O1 - Hosts: 127.0.0.1 www.plimus.com
O1 - Hosts: 127.0.0.1 209.87.178.183
O1 - Hosts: 127.0.0.1 203.128.93.234
O1 - Hosts: 127.0.0.1 69.64.155.133
O1 - Hosts: 127.0.0.1 66.244.251.240 #ftp turd
O1 - Hosts: 127.0.0.1 66.244.192.0/18
O1 - Hosts: 127.0.0.1 BIGPIPEINC.COM
O1 - Hosts: 127.0.0.1 66.244.251.30
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O1 - Hosts: 127.0.0.1 www.voyages.netfirms.com
O1 - Hosts: 127.0.0.1 www.netfirms.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 128 more lines...
O3 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008..\Run: [PeerBlock] C:\STUFF\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nousernameinstartmenu = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nosimplestartmenu = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nochangestartmenu = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: norecentdochistory = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: maxrecentdocs = 1
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O15 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1888535476-4108899218-1260134867-1008\..Trusted Domains: secunia.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A1D0A68-C5F2-401A-81CD-EB6210573F1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70CD94B5-9D8C-486E-B8E8-3D3AFB6444E7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer = 15.243.128.51 15.243.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8CA05A4-E231-4FBE-A782-B4D8DD27F3EE}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/09 20:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | --S- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2007/05/15 12:34:42 | 000,000,000 | ---D | M] - G:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 20:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\RK_Quarantine
[2012/01/06 14:44:28 | 000,000,000 | -H-D | C] -- C:\BJPrinter
[2012/01/06 11:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\avptool_sysinfo
[2012/01/05 16:05:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Owner\Recent
[2012/01/05 10:05:17 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Owner\Desktop\aswMBR.exe
[2012/01/04 11:56:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
[2012/01/03 16:14:01 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2012/01/03 13:41:20 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/12/31 17:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Secunia PSI
[2011/12/31 17:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/12/31 12:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol
[2011/12/31 11:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\The KMPlayer
[2011/12/30 10:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
[2011/12/30 10:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/30 10:32:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/30 10:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/29 20:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\New Folder (2)
[2011/12/29 15:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Kindle hack
[2011/12/29 13:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\redsn0w
[2011/12/29 11:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\SystemSpeedBooster
[2011/12/29 11:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemSpeedBooster
[2011/12/29 11:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\SystemSpeedBooster
[2011/12/27 12:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kindle Collection Manager
[2011/12/27 12:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kindle Collection Manager
[2011/12/23 17:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Owner\Desktop\TDSSKiller.exe
[2011/12/23 14:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/12/20 14:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\New Folder
[2011/12/19 22:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2011/12/19 22:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\DxO Labs
[2011/12/19 22:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DxO_Labs
[2011/12/19 22:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\DxO Optics Pro v7 logs
[2011/12/19 22:34:42 | 000,150,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RGB9Rast_1.dll
[2011/12/18 16:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{2954F7C6-7A4E-4504-8DC4-C1DC7D251C94}
[2011/12/18 11:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\Expat Shield
[2011/12/13 10:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Credit-Report-MADELEINE-S-FUND-LEAVING-NO-STONE-UNTURNED-LIMITED-3-Dec-2011_files
[2011/12/11 17:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Start Menu\Programs\Spell Checker For OE 2.1
[2009/02/22 11:49:56 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.sys
[2007/06/01 13:06:15 | 000,047,616 | ---- | C] ( ) -- C:\WINDOWS\System32\Zipdll.dll

========== Files - Modified Within 30 Days ==========

[2012/01/07 09:44:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/07 09:43:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 21:01:15 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/06 20:54:38 | 000,776,704 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\RogueKiller.exe
[2012/01/06 18:00:10 | 000,038,123 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\article-2083188-0F5C4E9000000578-716_472x471.jpg
[2012/01/06 09:45:55 | 000,000,430 | --S- | M] () -- C:\WINDOWS\2954298drv.spi
[2012/01/05 21:13:47 | 111,804,856 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\setup_11.0.0.1245.x01_2012_01_06_00_34.exe
[2012/01/05 16:18:30 | 004,074,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 13:24:03 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/05 12:16:43 | 000,004,858 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20120105_121638.reg
[2012/01/05 09:50:02 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Owner\Desktop\aswMBR.exe
[2012/01/04 14:09:53 | 000,302,592 | ---- | M] () -- C:\b2tp8umc.exe
[2012/01/04 13:26:42 | 000,001,786 | --S- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/01/04 11:55:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.scr
[2012/01/04 09:57:36 | 000,419,246 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1201041732.TIF
[2012/01/03 22:54:34 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle (K).lnk
[2012/01/03 17:53:11 | 000,006,026 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20120103_175307.reg
[2012/01/03 17:37:48 | 000,003,460 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Order.eml
[2012/01/03 17:29:40 | 000,005,649 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2012/01/03 17:29:40 | 000,005,649 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy of HOSTS
[2012/01/03 17:29:40 | 000,005,649 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy (3) of HOSTS
[2012/01/03 17:29:40 | 000,005,649 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Copy (2) of HOSTS
[2012/01/03 16:14:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/03 15:02:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/03 13:35:09 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/31 12:15:55 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/31 11:50:03 | 000,057,908 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20111231_114957.reg
[2011/12/31 09:37:48 | 000,507,216 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/31 09:37:48 | 000,090,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/30 22:14:55 | 006,323,796 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\social_engineering_hadnagy_christopher.epub
[2011/12/30 20:44:31 | 000,000,185 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle (G).lnk
[2011/12/30 19:57:54 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Hallmark Card Studio 2009.exe.lnk
[2011/12/30 19:27:02 | 000,001,170 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\WD Passport.lnk
[2011/12/30 11:01:37 | 000,167,096 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\scan.pdf
[2011/12/30 11:00:02 | 006,394,058 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\scan.jpg
[2011/12/30 10:55:02 | 006,083,675 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\2Scan-111230-0001.jpg
[2011/12/29 23:28:46 | 000,060,795 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\sad dog.jpeg
[2011/12/29 23:23:15 | 000,066,799 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\8_big.jpg
[2011/12/29 15:11:09 | 000,032,834 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\1112293036.TIF
[2011/12/29 15:10:36 | 000,032,834 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\1112293036.TIF
[2011/12/23 14:52:26 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Owner\Desktop\TDSSKiller.exe
[2011/12/19 22:41:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/18 16:06:08 | 000,034,704 | ---- | M] () -- C:\WINDOWS\syscall.dat
[2011/12/18 10:32:58 | 000,048,948 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20111218_103254.reg
[2011/12/18 10:27:52 | 000,001,646 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle.lnk
[2011/12/17 13:45:47 | 000,000,124 | --S- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/12/14 12:35:02 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 11:45:53 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\KINGSTON (G).lnk
[2011/12/13 16:26:39 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\STICK (G).lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/08 16:45:31 | 000,165,890 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\eye clinic 12-2011.pdf

========== Files Created - No Company Name ==========

[2012/01/06 20:55:00 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/06 20:54:33 | 000,776,704 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\RogueKiller.exe
[2012/01/06 18:00:07 | 000,038,123 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\article-2083188-0F5C4E9000000578-716_472x471.jpg
[2012/01/05 23:00:14 | 000,000,430 | --S- | C] () -- C:\WINDOWS\2954298drv.spi
[2012/01/05 22:25:13 | 111,804,856 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\setup_11.0.0.1245.x01_2012_01_06_00_34.exe
[2012/01/05 16:15:02 | 004,074,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 12:16:41 | 000,004,858 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20120105_121638.reg
[2012/01/04 14:09:41 | 000,302,592 | ---- | C] () -- C:\b2tp8umc.exe
[2012/01/04 09:57:35 | 000,419,246 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1201041732.TIF
[2012/01/03 22:54:34 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle (K).lnk
[2012/01/03 17:53:09 | 000,006,026 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20120103_175307.reg
[2012/01/03 17:36:50 | 000,003,460 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Order.eml
[2012/01/03 16:14:07 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/01/03 13:33:08 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/31 11:49:59 | 000,057,908 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20111231_114957.reg
[2011/12/30 22:15:15 | 006,323,796 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\social_engineering_hadnagy_christopher.epub
[2011/12/30 19:57:54 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Hallmark Card Studio 2009.exe.lnk
[2011/12/30 11:01:37 | 000,167,096 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\scan.pdf
[2011/12/30 10:59:55 | 006,394,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\scan.jpg
[2011/12/30 10:54:56 | 006,083,675 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\2Scan-111230-0001.jpg
[2011/12/29 23:28:46 | 000,060,795 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\sad dog.jpeg
[2011/12/29 23:23:11 | 000,066,799 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\8_big.jpg
[2011/12/29 15:11:09 | 000,032,834 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\1112293036.TIF
[2011/12/29 15:10:36 | 000,032,834 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\1112293036.TIF
[2011/12/25 16:58:04 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Kindle (G).lnk
[2011/12/20 01:51:58 | 000,719,890 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/18 10:32:57 | 000,048,948 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\cc_20111218_103254.reg
[2011/12/14 11:45:53 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\KINGSTON (G).lnk
[2011/12/13 16:26:39 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\STICK (G).lnk
[2011/12/08 16:45:31 | 000,165,890 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\eye clinic 12-2011.pdf
[2011/11/16 23:32:43 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/11/16 23:32:43 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/11/16 23:32:43 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/11/12 19:05:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/11/02 16:48:10 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\llftool.4.12.agreement
[2011/10/14 11:55:10 | 000,185,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\KeDetective130.sys
[2011/10/05 20:33:56 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2011/09/17 18:40:09 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/09/17 17:52:32 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/17 17:52:32 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/17 17:52:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/29 10:31:51 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/05/05 19:52:15 | 000,003,620 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\PassportPhotoStudio
[2011/04/30 13:18:39 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Setting.dat
[2011/04/30 13:18:39 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\UserFlag.ini
[2010/12/11 14:22:58 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/11/08 21:32:12 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\winscp.rnd
[2010/10/03 11:58:34 | 000,000,391 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/08/29 09:30:15 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Images.fl
[2010/07/31 20:23:13 | 000,000,235 | ---- | C] () -- C:\WINDOWS\teleprompt.ini
[2010/07/13 17:40:56 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/06/26 11:08:38 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\msadio.dll
[2010/05/22 22:00:19 | 000,160,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp_.bin
[2010/04/21 08:05:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hdd.ini
[2010/04/01 17:51:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2010/02/18 12:50:16 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\DCLibrary_nat.dll
[2010/02/08 14:04:33 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\ducon.xml
[2010/01/27 23:57:34 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\ducon1.xml
[2010/01/27 23:53:13 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\users.xml
[2010/01/27 23:52:50 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/01/04 16:35:58 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Aurora MPEG To DVD.INI
[2010/01/04 16:11:56 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/12/31 17:55:49 | 000,445,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/21 09:55:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\oeattach.dll
[2009/12/08 21:43:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/12/03 17:01:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/09/17 10:20:50 | 000,416,824 | ---- | C] () -- C:\WINDOWS\System32\[bleep] - pwNative.exe
[2009/09/17 10:20:49 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\[bleep] - pwdrvio.sys
[2009/09/17 10:20:49 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\[bleep] - pwdspio.sys
[2009/08/26 12:28:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MAS
[2009/08/26 12:28:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Displays
[2009/08/17 09:09:37 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RBRegEx350.dll
[2009/08/17 09:09:37 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\LP0310.dll
[2009/08/17 09:09:37 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2009/08/17 09:09:37 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\MBSPlugin.DLL
[2009/08/17 09:09:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\RBShell400.dll
[2009/08/17 09:09:37 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\MBSRegistryPlugin.DLL
[2009/08/17 09:09:37 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\MBSFolderPlugin.DLL
[2009/08/17 09:09:37 | 000,031,744 | ---- | C] () -- C:\WINDOWS\System32\MBSMacTTPlugin.DLL
[2009/08/17 09:09:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\LP0301Gestalt.dll
[2009/08/17 09:09:37 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\MBSRegPlugin.DLL
[2009/08/17 09:09:37 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\LP0301ResFork.dll
[2009/08/17 09:09:37 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\LP0301LinkFile.dll
[2009/07/31 12:38:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009/06/22 11:11:41 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/06/11 15:10:44 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/06/11 13:39:40 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/09 12:05:26 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/06/04 19:17:34 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\vso_ts_preview.xml
[2009/04/30 13:20:38 | 000,000,990 | --S- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\systemfl.$dk
[2009/04/27 23:07:55 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2009/04/24 17:32:05 | 000,000,181 | ---- | C] () -- C:\WINDOWS\System32\FOLESVR.DLL
[2009/04/10 18:36:55 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\Days5.ini
[2009/03/23 11:52:28 | 000,000,121 | ---- | C] () -- C:\WINDOWS\winzipme.ini
[2009/03/23 11:51:15 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\addurl41.DLL
[2009/03/23 11:51:15 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\winwatch.DLL
[2009/03/10 14:46:52 | 000,000,228 | ---- | C] () -- C:\WINDOWS\System32\edacded0_x.dat
[2009/03/05 10:37:26 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\wmpeq10.dll
[2009/03/05 10:37:25 | 002,179,072 | ---- | C] () -- C:\WINDOWS\System32\eq10core.dll
[2009/03/05 10:37:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ospitray.exe
[2009/02/22 11:49:56 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.cat
[2009/02/22 11:49:56 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.inf
[2009/02/16 00:47:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2009/02/16 00:45:59 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/02/10 17:06:45 | 004,762,112 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2009/01/21 17:07:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/05 23:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI
[2009/01/05 23:09:19 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2008/12/17 15:21:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/11/14 18:57:11 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/11/04 19:02:16 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/10/28 15:33:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/10/25 17:12:14 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\inst.exe
[2008/10/24 09:36:07 | 000,000,079 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2008/10/24 09:34:53 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.datbollox
[2008/10/24 09:34:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.datbollox
[2008/09/13 13:40:03 | 000,000,109 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2008/09/03 09:20:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\RpDays.ini
[2008/08/18 12:10:48 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdfeditor.dat
[2008/08/14 18:24:54 | 003,657,728 | ---- | C] () -- C:\WINDOWS\System32\mkl_wavearts.dll
[2008/08/07 17:47:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\OPDIRDEL.exe
[2008/08/07 12:38:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/08/06 15:07:06 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2008/07/10 22:32:51 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2008/07/10 21:52:04 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/07/09 18:24:12 | 000,000,235 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/07/09 18:24:12 | 000,000,049 | ---- | C] () -- C:\WINDOWS\ukid.INI
[2008/07/09 18:24:09 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Setup_ck.exe
[2008/07/09 18:24:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/07/09 18:24:09 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/07/09 18:24:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2008/07/03 13:02:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/05/11 11:43:09 | 000,011,114 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MainApp.dll
[2008/04/17 12:26:10 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Salut et Fraternite
[2008/04/07 18:08:50 | 000,000,004 | R-S- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl0.dat
[2008/04/06 18:11:48 | 000,000,100 | ---- | C] () -- C:\WINDOWS\ProductKeyExplorer.INI
[2008/03/27 17:56:32 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2008/03/27 17:56:32 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2008/03/25 13:58:42 | 000,000,031 | ---- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2008/03/25 12:10:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WT12sptlEN.INI
[2008/03/24 11:25:14 | 000,000,056 | R-S- | C] () -- C:\WINDOWS\System32\A5B17BFFE2.sys
[2008/03/23 17:18:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\MIDI Drivers
[2008/03/23 17:18:42 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Mallets
[2008/03/23 17:18:42 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Synth Leads
[2008/03/23 16:07:28 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2008/03/20 18:32:29 | 000,003,350 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sysbollox
[2008/03/20 18:32:29 | 000,000,088 | R-S- | C] () -- C:\Documents and Settings\All Users\Application Data\7577757C02.sysbollox
[2008/03/03 16:11:56 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\PDF2IMG.dat
[2008/02/18 19:21:30 | 000,000,045 | ---- | C] () -- C:\WINDOWS\dhp_2545.dat
[2008/02/17 13:16:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS1U.DLL
[2008/02/17 12:25:39 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2F.DLL
[2008/01/31 23:55:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\System32\OSENXPSUITE2005.INI
[2008/01/28 17:48:45 | 000,000,256 | ---- | C] () -- C:\WINDOWS\onlineeye.INI
[2008/01/27 10:55:29 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\sentinel.sysbollox
[2008/01/27 10:55:29 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\drivers\enport.sysbollox
[2007/12/10 09:02:20 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/12/10 00:01:19 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe.vir
[2007/12/05 22:20:01 | 000,008,194 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\atrans.bin
[2007/11/30 14:53:15 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2007/11/24 17:55:07 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2007/10/29 20:30:06 | 000,000,004 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2007/10/25 16:30:04 | 000,008,575 | ---- | C] () -- C:\WINDOWS\System32\D125UFW.INI
[2007/10/03 18:59:01 | 000,000,205 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2007/09/25 13:09:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\PUTTY.RND
[2007/09/22 10:36:16 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2007/09/15 18:35:45 | 000,003,982 | ---- | C] () -- C:\WINDOWS\87t98.sys
[2007/09/15 18:35:45 | 000,000,112 | ---- | C] () -- C:\WINDOWS\cd-lock.ini
[2007/09/14 11:15:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\msvcrt88.dll
[2007/09/14 11:09:25 | 000,000,070 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2007/09/14 11:09:09 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2word.dat
[2007/09/14 11:03:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2html.DAT
[2007/09/14 11:02:38 | 000,000,145 | ---- | C] () -- C:\WINDOWS\PDF2HTML.INI
[2007/09/14 09:55:30 | 000,101,159 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/09/14 09:55:30 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/09/14 09:55:30 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/09/14 09:55:30 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/09/14 09:55:30 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/09/14 09:55:30 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/09/14 09:55:30 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/09/14 09:55:30 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2007/09/14 09:55:30 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/09/14 09:55:30 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/09/14 09:55:30 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/09/14 09:55:30 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/09/14 09:55:30 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/09/14 09:55:30 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2007/09/14 09:55:30 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2007/09/14 09:55:30 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/09/14 09:55:30 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/09/14 09:54:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE R240R245EU.ini
[2007/09/14 08:05:12 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\SHW32.DLL
[2007/09/14 08:05:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
[2007/09/14 08:05:12 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\pixpnr.dll
[2007/09/14 08:05:12 | 000,002,016 | ---- | C] () -- C:\WINDOWS\System32\sg5w30.dll
[2007/09/14 08:05:11 | 000,214,899 | ---- | C] () -- C:\WINDOWS\System32\aplib2.dll
[2007/09/14 08:05:11 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\epsn.dll
[2007/09/14 08:05:11 | 000,034,144 | ---- | C] () -- C:\WINDOWS\System32\aplib1.dll
[2007/09/14 08:05:11 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\pixpcz.dll
[2007/09/14 08:05:11 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\accupage.dll
[2007/09/13 18:18:35 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SETSCAN.INI
[2007/09/13 18:18:34 | 000,009,948 | ---- | C] () -- C:\WINDOWS\pixcache.ini
[2007/09/09 16:22:20 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Power Video Converter.INI
[2007/09/09 15:49:57 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\W7409A4F3207fd2F2.bin
[2007/09/03 22:24:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\SWIFTREC.INI
[2007/09/03 10:27:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\explore256.dllbollox
[2007/09/02 11:45:27 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2007/09/02 11:45:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2007/08/19 17:25:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sysbollox
[2007/08/16 07:54:38 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\ezpinst.exe
[2007/08/09 09:30:14 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\T2
[2007/08/09 09:30:14 | 000,000,604 | ---- | C] () -- C:\Program Files\STLL Notifier
[2007/07/29 18:53:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2007/07/29 16:30:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS47.DLL
[2007/07/26 08:25:14 | 000,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2007/07/26 08:25:08 | 000,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2007/07/26 08:25:08 | 000,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2007/07/26 08:25:06 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2007/07/23 11:49:16 | 000,190,512 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/07/22 13:14:23 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2007/07/21 12:01:46 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2007/07/21 11:50:42 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2007/07/21 11:50:10 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngine2.SYS
[2007/06/13 11:34:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/06/01 13:06:15 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Zipit.dll
[2007/05/31 15:56:13 | 000,440,832 | ---- | C] () -- C:\WINDOWS\rapidui.exe
[2007/05/27 16:42:49 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2007/05/27 16:30:43 | 000,000,197 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/05/25 17:51:56 | 000,000,731 | ---- | C] () -- C:\WINDOWS\Fantastic Flame Screensaver.ini
[2007/05/18 15:56:51 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\dxl.dat
[2007/05/17 12:33:58 | 000,000,102 | ---- | C] () -- C:\WINDOWS\pu32i.ini
[2007/04/29 18:33:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/04/27 17:13:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
[2007/04/27 13:58:36 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/04/27 13:58:27 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/04/27 13:55:22 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/04/27 13:55:11 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/04/27 13:54:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/04/22 10:55:21 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/04/18 16:41:17 | 000,000,660 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/11 16:46:16 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/04/11 16:46:15 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/04/11 16:46:15 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/04/01 23:02:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2007/03/28 14:11:45 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2007/03/28 14:11:45 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2007/03/28 14:11:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2007/03/24 17:30:26 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/24 16:39:01 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/23 13:50:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/03/23 09:40:20 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2007/03/22 23:27:28 | 000,000,124 | --S- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/03/22 16:24:36 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2007/03/22 12:22:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2007/03/21 09:04:37 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\PFP120JPR.{PB
[2007/03/21 09:04:37 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\PFP120JCM.{PB
[2007/03/21 09:03:11 | 000,001,786 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/21 08:52:24 | 000,000,630 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/20 23:01:39 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2007/03/20 16:08:45 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2007/03/20 14:33:21 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2007/03/20 14:28:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\AppRun.exe
[2007/03/20 14:28:09 | 000,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
[2007/03/20 14:27:38 | 000,160,963 | ---- | C] () -- C:\WINDOWS\System32\drivers\gtipdsp.bin
[2007/03/20 13:35:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/28 08:03:02 | 001,366,104 | ---- | C] () -- C:\WINDOWS\System32\ltwen14n.dll
[2006/12/15 16:09:12 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\DaVinciDr.sysbolloxwhatsit
[2006/11/02 16:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2006/07/24 05:37:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Tao.Platform.Windows.dll
[2006/07/24 05:36:26 | 002,441,216 | ---- | C] () -- C:\WINDOWS\System32\Tao.OpenGl.dll
[2006/04/03 07:41:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Zip.dll
[2005/05/09 23:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/02/05 19:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2005/01/02 12:00:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/02 11:39:28 | 000,016,358 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/01/02 11:39:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/01/02 11:30:22 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/01/02 11:16:28 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/01/02 10:59:46 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/01/02 10:56:10 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/01/02 10:56:10 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/01/02 10:55:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/11/09 20:39:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/11/09 20:25:42 | 000,507,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/11/09 20:25:42 | 000,090,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/09 20:19:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/09 20:17:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/08 07:15:38 | 000,000,485 | ---- | C] () -- C:\WINDOWS\System32\Codejock.CommandBars.9510.lic
[2004/08/04 18:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/25 02:10:06 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/05 05:22:25 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\msddlhas.dll
[2002/05/12 15:02:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\accesspv.dll
[2002/03/21 13:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/08/23 23:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/01 14:18:16 | 000,029,600 | ---- | C] () -- C:\WINDOWS\System32\mxntdfg.exe
[2001/07/06 22:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/01/07 00:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/07 00:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 19:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wuweb.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\cdintf251.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\explore256.dllbollox:SummaryInformation
@Alternate Data Stream - 384 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 324 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AAB2E68
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31FAD21
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5760A8B
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93C2F41D
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D43E156
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0574215C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D95ACC7D
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B013599
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FD2AC7E
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#15
martin1981

martin1981

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
EXTRAS LOG
==========

OTL Extras logfile created on: 07/01/2012 10:03:30 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 56.54% Memory free
3.60 Gb Paging File | 3.12 Gb Available in Paging File | 86.61% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.31 Gb Total Space | 115.09 Gb Free Space | 63.83% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 2.09 Gb Free Space | 34.98% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 72.39 Gb Free Space | 48.57% Space Free | Partition Type: NTFS

Computer Name: UNIX | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [ACDSee Pro 4.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [KMPlayer.Enqueue] -- "C:\Program Files\The KMPlayer\KMPlayer.exe"/ADD "%1"
Directory [KMPlayer.Play] -- "C:\Program Files\The KMPlayer\KMPlayer.exe" "%1" (KMP Meida co.,Ltd)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP Pro\wsftppro.exe" = C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Oracle Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Disabled:Java™ Platform SE binary -- (Oracle Corporation)
"C:\Program Files\Java\jre1.6.0_06\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre1.6.0_06\launch4j-tmp\JDownloader.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.6.0_06\bin\java.exe" = C:\Program Files\Java\jre1.6.0_06\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\STUFF\NewsProxy-124\NewsProxy.exe" = C:\STUFF\NewsProxy-124\NewsProxy.exe:*:Disabled:NewsProxy
"C:\Program Files\KeyHoleTV\KeyHoleTV.exe" = C:\Program Files\KeyHoleTV\KeyHoleTV.exe:*:Disabled:KeyHole TV Main Application -- (OISEYER Inc.)
"C:\Program Files\get_iplayer\perl.exe" = C:\Program Files\get_iplayer\perl.exe:*:Disabled:perl -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
"C:\Program Files\MyLanViewer\MyLanViewer.exe" = C:\Program Files\MyLanViewer\MyLanViewer.exe:*:Disabled:MyLanViewer -- (S.K. Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03DD066A-214B-4354-AD54-DE0CDFBFA88B}" = MyLanViewer
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1" = BusinessCards MX
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BF38C77-E678-49AF-885A-BBD10AED2FF3}" = ACDSee RAW Image Decoder Plug-In Update 4.0
"{1E494817-D81E-4B0E-B379-F34DF4DCDA58}" = SilverCrest DMTS2017 Driver
"{1E76EB6E-E390-11DF-95DB-005056C00008}" = MSVCRT Redists
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{26B5AD79-EE99-4E17-93A6-AF215E3A81E9}" = VC90_CRT_x86
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{413022B0-0272-4216-A4A3-FC878815DF56}" = Kindle Collection Manager
"{42146C53-4D93-46EF-A221-734B08978E1B}" = calibre
"{44663264-E108-4938-BF9E-A767315072C9}" = Intel® Network Connections 16.3.48.0
"{4656E410-AE23-46FE-86BA-3B1B0D8B8D9B}" = Google Analytics Opt-out Browser Add-on
"{4744A01E-4B17-4643-A1FA-44FF83CB316D}" = PhotoTools 2.6 Professional Edition
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B83F6FA-D5B2-4C5D-A6AB-6D3A538E5E48}" = ServiceCapture2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687EAC-F27D-49AC-A0E2-3899B0459113}" = Hallmark Card Studio 2011 Deluxe
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BAA87E9-8820-416E-B2DF-A294D1883367}" = MediaWiper
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74B68E74-908B-48C4-8562-580CF2741BBA}" = Nuance OmniPage 17
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{866FEF35-C429-4131-86FE-8B11F067485F}" = WinZip Corporate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{88221A5B-269D-487E-914E-E9F819FDBA3F}" = MyFantasyMaker
"{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AD2EA30-5049-11D4-A08E-0080AD97BBF5}" = DJ Java Decompiler v.3.9.9.91
"{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}" = WinPatrol
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90240409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Resource Kit
"{912853A4-C655-4BEF-88EE-3FD9EDC50EAB}_is1" = Photo Calendar Maker 1.45
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{9660B18F-EC12-11DF-B006-0013D3D69929}" = Sound Forge Pro 10.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C3CBE4AD-CC84-484F-8E44-CFB303BFDA4D}" = SRS Audio Sandbox
"{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}" = Hallmark Card Studio 2009
"{C5C53176-AAF3-4A35-BE8F-5B7726C52ABB}_is1" = VAPXP 1.1.36
"{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007
"{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}" = Microsoft AutoRoute 2010
"{CA253D48-46E8-4455-97AC-F1C84A3363C8}" = Thomson TG123g Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7B28-CA5C-4520-ABBB-184524C01A51}" = Sony CD Architect 5.2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC35AABA-EA0A-41C1-8462-F60A201DFF9B}" = Noise Reduction Plug-in 2.0i
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:30
"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.5.6
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EF9DD8-2666-4E68-B8CE-7AC4F9F1ABB5}" = UltraEdit 14.20
"{FBBB318F-3769-4B1C-B8B2-AF7ED4DA2272}_is1" = Passport Photo Studio 1.5.1
"{FCADA4FF-142C-42A8-B73C-0A54A7F83345}" = Perfect Resize 7.0.2 Professional Edition
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.2
"4Front EQ10 for Various Players_is1" = 4Front EQ10 2.0 for Various Players
"4U Download YouTube Video_is1" = 4U Download YouTube Video (version 2.8.3)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.85
"Amazon Kindle" = Amazon Kindle
"Ancient Castle 3D Screensaver_is1" = Ancient Castle 3D Screensaver 1.1
"AntiLogger" = AntiLogger
"Any Video Converter Professional_is1" = Any Video Converter Professional 3.2.1
"AudioStreamer" = AudioStreamer
"B/W Styler 1.05 (Standalone/Lightroom)_is1" = B/W Styler 1.05 (Standalone/Lightroom)
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.1
"CAL" = Canon Camera Access Library
"Calendar Magic_is1" = Calendar Magic V16.9
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanUp!" = CleanUp!
"Clock Tower 3D Screensaver_is1" = Clock Tower 3D Screensaver 1.1
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CodeStuff Starter" = CodeStuff Starter
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"coverXP" = coverXP (remove only)
"Credit Card Number Validator" = Credit Card Number Validator
"CSCLIB" = Canon Camera Support Core Library
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler
"DFX for Winamp" = DFX for Winamp
"DFX for Windows Media Player" = DFX for Windows Media Player
"DirectVobSub" = DirectVobSub (remove only)
"Discovery 3D Screensaver_is1" = Discovery 3D Screensaver 1.1
"DivX Setup.divx.com" = DivX Setup
"Doc Scrubber_is1" = Doc Scrubber v1.1
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"DVDFab 8 Qt_is1" = DVDFab 8.1.2.0 (15/09/2011) Qt
"DVDInfoPro" = DVDInfoPro
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON Printer and Utilities" = EPSON Printer Software
"ESPR240 User's Guide" = ESPR240 User's Guide
"Fantastic Flame Screensaver" = Fantastic Flame Screensaver
"Fantasy Moon 3D Screensaver_is1" = Fantasy Moon 3D Screensaver 1.3
"FileHippo.com" = FileHippo.com Update Checker
"FinePrint" = FinePrint
"foobar2000" = foobar2000 v1.1.9
"Forte Agent" = Forté Agent
"Fotosizer" = Fotosizer 1.8.0.95
"Galleon 3D Screensaver_is1" = Galleon 3D Screensaver 1.3
"get_iplayer" = get_iplayer 2.44+
"Glary Utilities_is1" = Glary Utilities Pro 2.21.0.863
"Halloween 3D Screensaver_is1" = Halloween 3D Screensaver 1.1
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"HashTab" = HashTab 4.0.0.2
"IconWorkshop" = Axialis IconWorkshop 6.31
"ie8" = Windows Internet Explorer 8
"Infix" = Infix
"iolo technologies' System Mechanic 4" = iolo technologies' System Mechanic 4
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"JTides 5.2_is1" = jTides 5.2
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"KeyHoleTV" = KeyHoleTV
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.9.2
"LabelPro 3.0" = Avery LabelPro 3.0
"LSI Soft Modem" = LSI PCI Soft Modem
"Magic Image Resizer" = Magic Image Resizer 1.4 (remove only)
"Magic Photo Recovery" = Magic Photo Recovery 2.0
"Mail Attachment Remover_is1" = Mail Attachment Remover 1.07
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Monkey's Audio_is1" = Monkey's Audio
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"Mozilla Thunderbird (3.1.14)" = Mozilla Thunderbird (3.1.14)
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"MyCameraDC" = Canon Utilities MyCamera DC
"Nature 3D Screensaver_is1" = Nature 3D Screensaver 1.1
"Nautilus 3D Screensaver_is1" = Nautilus 3D Screensaver 1.2
"Neat Image_is1" = Neat Image v6.0 Pro+
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Noise Ninja (Standalone Version)_is1" = Noise Ninja 2 (Standalone Version)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OEBackupGenie_is1" = Outlook Express Backup Genie v2.0
"Outlook Express Attachment Remover_is1" = Outlook Express Attachment Remover 1.05
"Outlook Express Email Extractor" = Outlook Express Email Extractor
"PackPal Barcode Generator" = PackPal Barcode Generator
"PanoramaStudio2Pro" = PanoramaStudio 2.0 Pro (uninstall)
"pdfFactory Pro" = pdfFactory Pro
"Perfectly Clear Plugin" = Perfectly Clear Plugin 1.5.7
"Photo-Brush_is1" = Photo-Brush 4.1
"PhotoShrink" = PhotoShrink
"Picasa 3" = Picasa 3
"Picture Resize Genius_is1" = Picture Resize Genius 2.9.5
"Portrait Professional Studio 9_is1" = Portrait Professional Studio 9.0
"Power Retouche Retouching Suite" = Power Retouche Retouching Suite
"Pretty HTML 3.7_is1" = Pretty HTML 3.7
"Product Key Explorer_is1" = Product Key Explorer 2.3.5
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickPar" = QuickPar 0.9
"RarmaRadio_is1" = RarmaRadio 2.32
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"RealMedia" = RealMedia (remove only)
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Resize Pictures Plus_is1" = Resize Pictures Plus 3.1.1
"Search and Replace_is1" = Search and Replace
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"Spirit of Fire 3D Screensaver_is1" = Spirit of Fire 3D Screensaver 2.4
"SpywareBlaster_is1" = SpywareBlaster 4.5
"SSC Service Utility_is1" = SSC Service Utility v4.30
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"Tag&Rename_is1" = Tag&Rename 3.4
"TagScanner_is1" = TagScanner 5.0 build 511
"TellyPrompter_is1" = TellyPrompter v1.5
"The KMPlayer" = The KMPlayer (remove only)
"The Ultimate Troubleshooter" = The Ultimate Troubleshooter
"The Word" = theWord
"TheSage" = TheSage
"Tropical Fish 3D Screensaver_is1" = Tropical Fish 3D Screensaver 1.1
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Turbo Photo_is1" = Turbo Photo 6.6
"TVUPlayer" = TVUPlayer 2.4.8.2
"UltraISO_is1" = UltraISO Premium V9.36
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Visual Business Cards 4_is1" = Visual Business Cards 4
"VLC media player" = VLC media player 1.0.2
"VueScan" = VueScan
"Water Clock 3D Screensaver_is1" = Water Clock 3D Screensaver 1.0
"Winamp" = Winamp
"WinASO Registry Optimizer 4.5.1_is1" = WinASO Registry Optimizer 4.5.1
"WinASO Registry Optimizer_is1" = WinASO Registry Optimizer 4.6.5
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"Wondershare Photo Recovery_is1" = Wondershare Photo Recovery (build 3.0.0)
"Yellow Pages Spider Trial_is1" = Yellow Pages Spider Trial v2.18
"YU2010_is1" = Your Uninstaller! 7
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1888535476-4108899218-1260134867-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FolderLock6" = Folder Lock
"InstallShield_{01ED1AFB-D352-413B-8415-5DC5F1D23983}" = SolarWinds Advanced Subnet Calculator
"Moonphase 3.3" = Moonphase 3.3
"Octoshape Streaming Services" = Octoshape Streaming Services
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/01/2012 05:44:34 | Computer Name = UNIX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 07/01/2012 05:44:34 | Computer Name = UNIX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 07/01/2012 05:44:41 | Computer Name = UNIX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 07/01/2012 05:44:41 | Computer Name = UNIX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/01/2012 05:44:41 | Computer Name = UNIX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 07/01/2012 05:44:45 | Computer Name = UNIX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 07/01/2012 05:44:45 | Computer Name = UNIX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/01/2012 05:44:45 | Computer Name = UNIX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 07/01/2012 05:44:45 | Computer Name = UNIX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/01/2012 05:44:45 | Computer Name = UNIX | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 06/01/2012 17:50:14 | Computer Name = UNIX | Source = Service Control Manager | ID = 7034
Description = The ALG service terminated unexpectedly. It has done this 1 time(s).

Error - 06/01/2012 17:50:14 | Computer Name = UNIX | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s).

Error - 06/01/2012 17:52:43 | Computer Name = UNIX | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 06/01/2012 18:35:02 | Computer Name = UNIX | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31

Error - 07/01/2012 05:36:03 | Computer Name = UNIX | Source = Service Control Manager | ID = 7001
Description = The NetBios over Tcpip service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 07/01/2012 05:36:03 | Computer Name = UNIX | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%1068

Error - 07/01/2012 05:36:03 | Computer Name = UNIX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD ElbyCDIO Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetworkX RasAcd Rdbss Tcpip WS2IFSL

Error - 07/01/2012 05:36:04 | Computer Name = UNIX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/01/2012 05:41:58 | Computer Name = UNIX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/01/2012 05:43:30 | Computer Name = UNIX | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%31


< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP