____________________________________________________________________________________
OTL logfile created on: 24/01/2012 7:34:09 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Trevor\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 34.43% Memory free
3.85 Gb Paging File | 2.54 Gb Available in Paging File | 65.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 9.82 Gb Free Space | 12.57% Space Free | Partition Type: NTFS
Drive E: | 154.76 Gb Total Space | 2.51 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Computer Name: HOMEPC | User Name: Trevor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/23 10:40:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trevor\Desktop\OTL.exe
PRC - [2012/01/02 16:25:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/22 19:41:50 | 002,659,256 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/04 01:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/04 01:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/29 22:05:42 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/02/09 16:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/19 20:01:08 | 004,388,192 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/01/19 20:01:08 | 002,245,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2007/12/20 17:13:46 | 001,553,896 | ---- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2007/02/20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2005/10/20 09:52:32 | 000,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2005/10/20 09:31:54 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/08 23:33:14 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/02 16:25:58 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/22 19:41:44 | 000,157,624 | ---- | M] () -- C:\Program Files\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2011/11/22 19:41:22 | 000,091,576 | ---- | M] () -- C:\Program Files\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2011/11/14 16:06:56 | 000,108,496 | ---- | M] () -- C:\Program Files\PC Tools Security\BDT\BSPatch.dll
MOD - [2009/10/23 17:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/14 11:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 11:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [1998/09/22 07:00:00 | 000,033,792 | ---- | M] () -- C:\Program Files\WinZip\WZSHLEXT.DLL
========== Win32 Services (SafeList) ==========
SRV - [2011/11/22 19:41:50 | 001,117,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/11/22 18:20:06 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/11/22 18:20:02 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2011/11/14 16:06:56 | 000,546,768 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/04 01:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/05/21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/11/17 17:27:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/17 16:01:20 | 004,368,952 | ---- | M] (Prevx) [Auto | Stopped] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2009/11/06 09:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/01/19 20:01:08 | 004,388,192 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2007/12/20 17:13:46 | 001,553,896 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2005/10/20 09:31:54 | 000,749,568 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
========== Driver Services (SafeList) ==========
DRV - [2012/01/24 19:15:39 | 000,027,656 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec)
DRV - [2012/01/24 19:15:39 | 000,022,024 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2012/01/16 17:54:42 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/11/22 19:43:02 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/11/22 19:42:40 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/11/22 19:38:04 | 000,253,096 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/11/22 18:20:06 | 000,574,424 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - [2011/11/22 18:20:06 | 000,035,264 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/11/22 18:20:04 | 000,054,328 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/04 01:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2010/10/03 21:44:57 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2009/05/08 11:22:28 | 001,358,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/10/17 02:14:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/14 14:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008/01/19 20:12:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/01/19 19:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2008/01/19 19:40:16 | 000,015,088 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/12/20 17:13:54 | 000,136,416 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2006/07/31 07:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2002/07/17 07:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2001/04/10 07:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bigpond.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://au.yhs.search...2-tb-web_au&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ASC/AppVirtualization;version=1.1.22: C:\Program Files\Ascensio System\App Virtualization\Framework\npASCpluginS.dll (Ascensio System SIA)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Trevor\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/20 18:31:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/18 09:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2012/01/16 17:29:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.23\ [2012/01/22 10:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 16:26:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 21:03:46 | 000,000,000 | ---D | M]
[2009/11/16 20:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Extensions
[2009/11/16 20:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Extensions\[email protected]
[2012/01/16 16:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions
[2011/03/06 11:26:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 16:43:28 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/11/23 10:22:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/13 14:25:07 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\extensions\[email protected]
[2011/11/11 08:26:00 | 000,003,847 | ---- | M] () -- C:\Documents and Settings\Trevor\Application Data\Mozilla\Firefox\Profiles\0mjqbie2.default\searchplugins\avg-secure-search.xml
[2011/11/13 09:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/02 16:25:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/07 13:25:14 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/22 10:26:00 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/10/07 13:25:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/07 13:25:14 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/07 13:25:14 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/07 13:25:14 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://au.yhs.search...p={searchTerms}
CHR - default_search_provider: suggest_url = http://sugg.search.y...}&output=fxjson
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: getPlusPlus for Adobe 16249 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Trevor\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: ASC plugin (Enabled) = C:\Program Files\Ascensio System\App Virtualization\Framework\npASCpluginS.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Frostwire Toolbar = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.0.0_0\
CHR - Extension: Frostwire Toolbar = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.0.17859_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Trevor\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\
O1 HOSTS File: ([2012/01/15 21:23:49 | 000,440,088 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15134 more lines...
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/04/12 18:53:58 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lnk_disabled [2011/05/27 16:19:43 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\Trevor\Start Menu\Programs\Startup\lnk_disabled [2011/05/27 16:19:43 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Trevor\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Trevor\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.133.193 61.9.134.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{338A258E-5476-4BE6-BDC1-535D95B4DB38}: DhcpNameServer = 61.9.133.193 61.9.134.49
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Trevor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Trevor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/16 18:25:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/01/24 19:14:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/24 18:56:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/24 18:41:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Trevor\Recent
[2012/01/24 01:06:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/24 01:04:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/24 01:04:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/24 01:04:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/24 01:04:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/24 00:02:38 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Trevor\Desktop\aswMBR.exe
[2012/01/23 20:29:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/23 20:28:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/23 20:10:35 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Trevor\Desktop\avg_remover_stf_x86_2011_1184.exe
[2012/01/23 10:40:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Trevor\Desktop\OTL.exe
[2012/01/23 09:47:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/01/22 10:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/22 10:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\AVG Secure Search
[2012/01/22 10:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/01/22 10:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\AVG2012
[2012/01/22 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/01/19 13:10:18 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Trevor\Desktop\TDSSKiller.exe
[2012/01/16 17:29:44 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012/01/16 17:29:12 | 000,185,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/01/16 17:29:12 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012/01/16 17:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2012/01/16 17:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\TestApp
[2012/01/16 09:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Local Settings\Application Data\Threat Expert
[2012/01/13 01:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\PCTools
[2012/01/12 23:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/12 23:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/12 21:45:16 | 000,574,424 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/01/12 21:45:15 | 000,054,328 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/01/12 21:45:15 | 000,035,264 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/01/12 21:31:05 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012/01/12 21:31:05 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll0140.old
[2012/01/12 21:31:05 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012/01/12 21:31:05 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll0140.old
[2012/01/12 21:31:05 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012/01/12 21:22:12 | 000,660,992 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012/01/12 21:22:12 | 000,341,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/01/12 21:22:11 | 000,253,096 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/01/12 21:22:08 | 000,331,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/01/12 21:22:08 | 000,162,584 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/01/12 21:22:02 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/01/12 21:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/12 21:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/12 21:21:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\Application Data\PC Tools
[2012/01/12 21:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/01/09 21:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Trevor\My Documents\AVS4YOU
[2007/10/14 20:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/24 19:15:39 | 000,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2012/01/24 19:15:39 | 000,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2012/01/24 18:48:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 18:47:25 | 001,116,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/24 18:45:29 | 000,000,322 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2012/01/24 18:45:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 18:45:15 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2012/01/24 18:44:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/24 18:25:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/24 11:25:06 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2012/01/24 08:45:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 01:06:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/24 00:33:13 | 000,000,510 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\Mbr.zip
[2012/01/24 00:18:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\MBR.dat
[2012/01/24 00:03:45 | 000,121,092 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\Cannot remove _Trojan horse PSW.Generic9.RDX_ - Geeks to Go Forums.pdf
[2012/01/24 00:03:07 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Trevor\Desktop\aswMBR.exe
[2012/01/24 00:02:25 | 002,035,725 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\tdsskiller.zip
[2012/01/23 20:10:35 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Trevor\Desktop\avg_remover_stf_x86_2011_1184.exe
[2012/01/23 10:40:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Trevor\Desktop\OTL.exe
[2012/01/22 10:26:34 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/22 10:03:27 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/21 14:02:11 | 000,433,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/21 14:02:11 | 000,067,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/19 13:10:18 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Trevor\Desktop\TDSSKiller.exe
[2012/01/18 17:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2012/01/18 17:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2012/01/18 16:40:26 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2012/01/18 11:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/17 17:22:24 | 000,000,155 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/16 17:59:08 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Trevor\My Documents\spider.sav
[2012/01/16 17:54:42 | 000,341,656 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012/01/16 17:41:25 | 000,001,430 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\sdsetup.exe.lnk
[2012/01/15 21:23:49 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/14 09:19:47 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120115-212348.backup
[2012/01/12 21:21:32 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Trevor\Desktop\sdsetup_revwire207[1].exe
[2012/01/12 21:03:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/01/12 13:25:39 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120114-091946.backup
[2012/01/11 20:48:57 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120112-132538.backup
[2012/01/07 14:48:40 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/30 12:20:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/26 20:41:38 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/24 01:06:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/24 01:06:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/24 01:04:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/24 01:04:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/24 01:04:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/24 01:04:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/24 01:04:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/24 00:33:13 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\Mbr.zip
[2012/01/24 00:18:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\MBR.dat
[2012/01/24 00:03:40 | 000,121,092 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\Cannot remove _Trojan horse PSW.Generic9.RDX_ - Geeks to Go Forums.pdf
[2012/01/24 00:02:24 | 002,035,725 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\tdsskiller.zip
[2012/01/22 10:26:34 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/21 13:55:43 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/01/18 17:27:03 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2012/01/16 17:29:25 | 001,116,885 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/01/16 17:27:24 | 000,001,430 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\sdsetup.exe.lnk
[2012/01/12 21:31:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0140.old
[2012/01/12 21:31:05 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/01/12 21:31:05 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012/01/12 21:31:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012/01/12 21:31:05 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012/01/12 21:31:05 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012/01/12 21:19:50 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Trevor\Desktop\sdsetup_revwire207[1].exe
[2012/01/12 21:03:46 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/12 21:03:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/11/13 20:56:56 | 000,943,949 | ---- | C] () -- C:\Program Files\winzip70.exe
[2011/11/12 18:05:56 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/11/12 18:01:03 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/10/04 08:32:28 | 000,375,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/27 22:30:29 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/27 22:30:29 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/27 22:30:29 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/27 19:08:49 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/08 13:44:44 | 099,991,640 | ---- | C] () -- C:\Program Files\CyberLink.v1730_36089_Spr_PTD110506-02.exe
[2011/05/21 07:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/04/02 13:42:31 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/04/02 13:42:31 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/04/02 13:42:31 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2011/03/08 21:21:53 | 000,116,732 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/15 10:49:17 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/10/03 22:39:11 | 000,005,056 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\drctchbl.xvi
[2010/10/03 22:39:09 | 000,004,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xqkcebzs.dik
[2010/09/21 11:50:15 | 000,000,322 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/01/21 22:35:07 | 000,000,022 | ---- | C] () -- C:\WINDOWS\op70.ini
[2009/12/14 23:15:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\prvlcl.dat
[2009/11/28 17:37:16 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/23 17:41:44 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2009/11/23 17:40:44 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2009/11/20 21:35:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/11/20 19:35:11 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/20 19:35:11 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/20 19:35:11 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/20 19:35:11 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/20 19:35:11 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/20 19:35:11 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/20 19:35:11 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/20 19:35:11 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/20 19:35:11 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/20 19:35:11 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/20 19:35:11 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/20 19:35:11 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/20 19:35:11 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/20 19:35:11 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/20 19:35:11 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/20 19:35:11 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/20 19:35:11 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/20 19:35:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/20 19:35:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/11/20 12:36:29 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2009/11/19 21:03:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/18 18:42:51 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2009/11/17 19:53:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/17 15:29:52 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/11/17 05:18:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/17 05:17:57 | 001,747,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/16 18:26:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 18:24:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/11/14 13:41:09 | 000,004,060 | ---- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\FASTWiz.html
[2009/01/14 13:42:05 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Trevor\Application Data\WavCodec.wff
[2009/01/06 10:40:55 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/05 23:06:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/11/15 04:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/11/09 22:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2007/06/15 22:20:35 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\fusioncache.dat
[2005/09/19 17:56:49 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/05/03 23:59:38 | 005,858,878 | -H-- | C] () -- C:\Documents and Settings\Trevor\Local Settings\Application Data\IconCache(1).db
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/29 04:57:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 23:00:00 | 000,433,122 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 23:00:00 | 000,067,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 23:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2012/01/22 10:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/22 10:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/23 20:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/16 19:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/16 20:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/04/02 13:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/11/26 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2010/10/16 19:29:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/16 20:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
[2009/11/16 20:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/11/20 19:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/08/13 13:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2009/11/16 20:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/06/09 11:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2009/11/16 20:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2012/01/23 14:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/13 18:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/07/27 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/28 16:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/11/28 16:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
[2010/11/28 16:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
[2009/11/16 20:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2012/01/17 17:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/11/28 16:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
[2010/12/28 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2012/01/24 19:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/20 19:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/07/26 16:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2011/11/13 21:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/11/16 20:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/03/08 21:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/17 20:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/11/16 20:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
[2011/03/10 13:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\ACAMPREF
[2011/09/15 21:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\AVG
[2012/01/22 10:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\AVG Secure Search
[2012/01/22 10:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\AVG2012
[2011/11/13 14:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Azureus
[2011/04/02 13:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\CheckPoint
[2009/11/17 19:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/06 23:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\DVDVideoSoft
[2011/06/06 23:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\DVDVideoSoftIEHelpers
[2011/11/12 15:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Epson
[2010/04/08 22:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Facebook
[2012/01/21 16:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Free Audio Editor
[2011/11/13 15:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\FrostWire
[2011/08/04 22:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Import Audio from Video
[2010/12/21 22:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Jaran Nilsen
[2009/11/16 20:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\KWorld Multimedia
[2010/03/09 19:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\LimeWire
[2009/11/16 20:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Magix
[2009/11/16 20:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\MailFrontier
[2011/03/25 23:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Millennia
[2009/11/16 20:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\MOVAVI
[2010/02/14 11:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Music Recognition
[2011/01/13 12:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\NCH Swift Sound
[2012/01/13 01:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\PCTools
[2011/06/15 12:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\PriceGong
[2010/10/03 21:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Recordpad
[2010/03/12 15:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\RipIt4Me
[2009/11/16 20:51:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Samsung
[2011/10/21 18:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Serif
[2010/12/01 09:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Softland
[2010/12/28 14:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Sync App Settings
[2012/01/16 17:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\TestApp
[2011/04/03 23:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Uniblue
[2009/11/16 20:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trevor\Application Data\Video DVD Maker FREE
[2012/01/24 18:45:15 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
[2011/02/17 23:32:03 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2012/01/24 18:25:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/12/19 23:10:18 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2011/01/14 16:32:06 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\twelvekeysShakeIcon.job
[2012/01/18 17:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2012/01/18 17:27:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\Documents and Settings\Trevor\Local Settings\Temp\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\Documents and Settings\Trevor\Local Settings\Temp\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\Documents and Settings\Trevor\Local Settings\Temp\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 16:25:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/06/27 17:38:40 | 000,094,208 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/02 16:25:56 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/02 16:25:58 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 20:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 22:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/06/27 17:38:40 | 000,094,208 | ---- | M] (Microsoft Corporation)
< >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88333F4A
< End of report >
______________________________________________________________________________________
hopefully these will provide something useful
I will be off the air for a few hours (playing at a gig) but will be back on the air in a few hours.