
Trojan horse Cryptic.eay



#1
dbid

Hi,
Please help. I have a trojan horse cryptic.eay infection - Location is C:\windows\system 32\drivers\inspec.sys

I have run OTL
Contents of OTL.txt


OTL logfile created on: 23/04/2012 18:47:16 - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\*****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

502.37 Mb Total Physical Memory | 68.98 Mb Available Physical Memory | 13.73% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.42% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.68 Gb Total Space | 22.24 Gb Free Space | 42.22% Space Free | Partition Type: NTFS
Drive D: | 17.21 Gb Total Space | 13.35 Gb Free Space | 77.58% Space Free | Partition Type: NTFS

Computer Name: BRID | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\interwise\participant\pull.exe (AT&T Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset .exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files\interwise\participant\IwReg.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (VAIOMediaPlatform-VideoServer-UPnP) -- %systemroot%\system32\PTproct.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (RkHit) -- C:\WINDOWS\system32\drivers\RKHit.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mfeavfk01) -- Device\mfeavfk01.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NTPASp50) -- C:\WINDOWS\system32\drivers\NtpaSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=5061031
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=5061031
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {A131B419-DE4F-4CA9-844A-94D1A75DC5C2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8B31CEF1-67C5-4915-983D-2D16B0611BC7}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-10 10:35:25&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A131B419-DE4F-4CA9-844A-94D1A75DC5C2}: "URL" = http://www.google.ie...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{B8DEB18F-AE7A-4851-9E04-D34F4FE898B3}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{CFD859C2-C194-442A-B7D6-0CAD0CF7BF06}: "URL" = http://uk.search.yah...f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 16:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/22 10:29:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/20 12:27:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 11:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/05 17:44:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 16:09:59 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2012/04/22 21:28:30 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cdEaqoYrltbao.exe] C:\Documents and Settings\All Users\Application Data\cdEaqoYrltbao.exe File not found
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe File not found
O4 - HKLM..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r File not found
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe (Dell Inc)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
O4 - HKLM..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini File not found
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless File not found
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" File not found
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [PMX Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup File not found
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting .exe File not found
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Push Client.LNK = C:\Program Files\interwise\participant\pull.exe (AT&T Inc.)
O4 - Startup: C:\Documents and Settings\*****\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://maps.corkcoco...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49087723-D607-4AE7-A1D8-8477E736CACD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\*****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\*****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\ekrn.exe : Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\Shell\AutoRun\command - "" = 0iocrb1h.cmd
O33 - MountPoints2\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\Shell\explore\Command - "" = 0iocrb1h.cmd
O33 - MountPoints2\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\Shell\open\Command - "" = 0iocrb1h.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: websenseclientdeployservice - File not found
NetSvcs: SE26mdfl - File not found
NetSvcs: ssrvc - File not found
NetSvcs: MRENDIS5 - File not found
NetSvcs: zumbus - File not found
NetSvcs: ANC - File not found
NetSvcs: traprcvr - File not found
NetSvcs: pilogsrv - File not found
NetSvcs: ahcix86s - File not found
NetSvcs: knobserv - File not found
NetSvcs: tpkmpsvc - File not found
NetSvcs: pdlnepkt - File not found
NetSvcs: eliservice - File not found
NetSvcs: VAIOMediaPlatform-VideoServer-UPnP - %systemroot%\system32\PTproct.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
NetSvcs: SSHNAS - File not found


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RkHit.sys - C:\WINDOWS\system32\drivers\RKHit.sys File not found
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: CryptSvc - %SystemRoot%\System32\cryptsvc.dllics.smotri.com File not found
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootNet: McMPFSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0117F56B-AD48-4773-BDD1-FBEFE0142D00} - Yahoo! Search Settings Update
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61C934E3-4D8D-4F51-A817-AA2FC5DE3134} - NoIE8Tour
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{ADBFDA29-0E74-42E3-825F-7198C982B51E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/04/23 17:43:03 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/04/23 17:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/04/23 17:31:20 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\*****\Desktop\WinsockxpFix.exe
[2012/04/23 17:31:19 | 009,396,288 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\*****\Desktop\stinger sunday.exe
[2012/04/23 17:30:42 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\*****\Desktop\OTL.exe
[2012/04/22 09:39:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\*****\Recent
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/23 18:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/04/23 18:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\08-01-2011_182552.job
[2012/04/23 18:24:24 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3423553026-1073689676-2149870915-1006.job
[2012/04/23 18:20:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/23 18:20:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/23 18:20:01 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/23 18:09:43 | 000,000,061 | RH-- | M] () -- C:\Documents and Settings\*****\Desktop\stinger sunday.opt
[2012/04/23 18:09:25 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/23 17:43:03 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/04/23 17:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/04/23 17:25:58 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\gmer.zip
[2012/04/23 17:22:23 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\*****\Desktop\OTL.exe
[2012/04/23 16:32:05 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/04/23 16:25:08 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\*****\Desktop\WinsockxpFix.exe
[2012/04/23 15:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/04/22 23:53:48 | 009,396,288 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\*****\Desktop\stinger sunday.exe
[2012/04/22 23:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/04/22 22:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/04/22 21:59:24 | 000,391,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/22 21:59:24 | 000,058,570 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/22 21:37:10 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\hosts-perm.bat
[2012/04/22 21:28:30 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/22 14:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/04/22 13:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/04/22 12:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/04/22 11:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/04/22 10:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/04/22 10:11:39 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/22 03:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/22 03:00:02 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Language Model Optimization.job
[2012/04/22 02:32:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/22 01:32:04 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/21 19:20:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/21 19:07:34 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\rkill.com
[2012/04/21 18:54:38 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/21 18:48:48 | 000,381,952 | ---- | M] () -- C:\Documents and Settings\*****\Local Settings\Application Data\pfioahpvsu.exe
[2012/04/21 15:19:39 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3423553026-1073689676-2149870915-1006.job
[2012/04/21 14:14:42 | 004,166,057 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\horse matching.pdf
[2012/04/21 14:12:49 | 006,380,752 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\jack in box shape matching.pdf
[2012/04/21 14:08:45 | 002,401,949 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\animals and their homes matching.pdf
[2012/04/21 10:57:29 | 095,812,717 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/20 21:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/04/20 20:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/04/20 19:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/04/20 16:41:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 09:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/04/18 18:58:21 | 000,287,108 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/15 00:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/14 21:15:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/13 23:17:04 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/11 22:57:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/11 09:39:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/23 18:09:43 | 000,000,061 | RH-- | C] () -- C:\Documents and Settings\*****\Desktop\stinger sunday.opt
[2012/04/23 17:30:23 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\gmer.zip
[2012/04/22 23:08:10 | 526,843,904 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/22 21:57:54 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\hosts-perm.bat
[2012/04/22 00:18:52 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/21 19:07:32 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\rkill.com
[2012/04/21 18:49:05 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/04/21 18:48:48 | 000,381,952 | ---- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\pfioahpvsu.exe
[2012/04/21 14:14:42 | 004,166,057 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\horse matching.pdf
[2012/04/21 14:12:49 | 006,380,752 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\jack in box shape matching.pdf
[2012/04/21 14:08:45 | 002,401,949 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\animals and their homes matching.pdf
[2012/04/06 10:27:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3423553026-1073689676-2149870915-1006.job
[2012/02/15 11:00:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/09 17:28:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/27 23:53:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Pq1AbpuK0.dat
[2011/07/27 23:32:54 | 000,012,924 | -HS- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\3707e7x82801v345n742586p5s3h1gq4
[2011/07/27 23:32:54 | 000,012,924 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3707e7x82801v345n742586p5s3h1gq4
[2011/07/27 23:32:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\psmx.exe
[2011/07/27 23:32:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ftnm.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\xqnp.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cwlk.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\cwdj.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ctdm.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bjfq.exe
[2011/07/27 23:32:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\xpkb.exe
[2011/07/23 23:07:30 | 000,014,628 | -HS- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 23:07:30 | 000,014,628 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 23:06:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\pewu.exe
[2011/07/23 23:06:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\ofss.exe
[2011/07/23 23:06:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtuf.exe
[2011/07/23 23:06:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jcqp.exe
[2011/07/23 23:06:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ckkt.exe
[2011/07/23 23:06:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\ckey.exe
[2011/07/23 23:06:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\prat.exe
[2011/07/23 23:06:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\posp.exe
[2011/06/19 19:32:45 | 000,016,220 | -HS- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\ux28k8k70xg6ehd13ev2e
[2011/06/19 19:32:45 | 000,016,220 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ux28k8k70xg6ehd13ev2e
[2011/05/14 19:21:14 | 000,014,030 | -HS- | C] () -- C:\Documents and Settings\*****\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 19:21:14 | 000,014,030 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5

========== LOP Check ==========

[2011/08/02 17:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/05 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/11/23 00:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/01 19:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/01 20:26:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/01 19:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/12/29 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/31 17:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/03/31 17:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/11/18 19:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/06 14:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/28 18:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/12/10 11:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\AVG Secure Search
[2011/08/02 18:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\AVG10
[2008/10/20 19:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Interwise
[2006/11/02 19:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Leadertech
[2008/04/14 18:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\LimeWire
[2009/12/29 19:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\NCH Swift Sound
[2009/03/31 18:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Nuance
[2006/11/17 21:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Template
[2012/04/23 18:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\08-01-2011_182552.job
[2012/04/15 00:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/04/20 09:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012/04/22 10:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/04/22 11:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012/04/22 12:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012/04/22 13:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012/04/22 14:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012/04/23 15:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012/04/23 16:32:05 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012/04/23 17:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012/04/23 18:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012/04/22 01:32:04 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/04/20 19:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012/04/20 20:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012/04/20 21:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012/04/22 22:32:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012/04/22 23:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012/04/22 02:32:02 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/04/22 03:32:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/08/03 04:32:18 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/08/03 05:32:19 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/08/03 06:32:18 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/08/03 07:32:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/08/03 08:32:25 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/06/28 02:00:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2012/01/31 02:00:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Data Collection.job
[2012/04/22 03:00:02 | 000,000,530 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Language Model Optimization.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Application Data\*. >
[2006/10/31 21:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/12/01 23:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/03/19 15:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/08/02 17:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/05 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/11/23 00:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/01 19:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/01 20:26:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/01/27 19:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/10/31 21:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2008/11/24 22:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/03/11 11:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/03/10 16:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2006/10/31 21:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/10/31 21:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/08/27 21:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/19 13:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/03/18 15:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2011/08/01 19:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/12/30 18:41:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/04/11 23:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/12/29 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/08/01 17:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/03/31 17:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/11/18 19:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/19 17:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2004/08/10 14:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/03/31 17:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/03/18 15:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2010/03/30 18:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/17 16:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/11/18 19:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/24 22:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2009/12/03 00:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/05/21 18:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/05/21 20:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/10/06 14:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/28 18:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2011/07/27 23:32:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bjfq.exe
[2011/07/23 23:06:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ckkt.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ctdm.exe
[2011/07/27 23:32:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cwlk.exe
[2011/07/27 23:32:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ftnm.exe
[2011/07/23 23:06:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jcqp.exe
[2011/07/23 23:06:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mtuf.exe
[2011/07/23 23:06:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\prat.exe
[2009/02/04 14:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe
[2012/01/27 17:57:15 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.3.3\SetupAdmin.exe
[2011/12/02 11:19:41 | 000,526,512 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2006/11/14 21:30:34 | 000,072,704 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\DellSupportODBK.exe
[2007/04/12 18:37:56 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\DellSommelierFix.exe
[2007/04/12 18:37:56 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
[2006/11/04 13:13:12 | 000,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\fix\DellSupportLauncher.exe
[2006/11/04 13:13:13 | 000,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
[2006/10/31 21:56:59 | 000,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\item_templ\coach\RunGdp.exe
[2006/10/31 21:57:01 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\MakeDesktopShortcut.EXE
[2006/10/31 21:57:01 | 000,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\fix\DellSupportLauncher.exe
[2006/10/31 21:57:03 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\MakeDesktopShortcut.EXE
[2006/10/31 21:57:03 | 000,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\fix\DellSupportLauncher.exe
[2012/04/14 21:14:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2011/06/20 15:52:18 | 004,358,496 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgmfapx.exe
[2011/02/08 04:33:06 | 000,276,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgntdumpx.exe
[2011/02/08 04:33:28 | 000,249,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\pack\avgrunasx.exe
[2011/08/01 12:18:12 | 037,904,960 | ---- | M] (PC Tools ) -- C:\Documents and Settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_revwire207_en_aff_dl.exe

< %APPDATA%\*. >
[2010/03/03 15:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Adobe
[2007/01/31 23:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\AdobeUM
[2012/02/03 17:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Apple Computer
[2011/12/10 11:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\AVG Secure Search
[2011/08/02 18:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\AVG10
[2006/10/31 21:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Corel
[2006/11/02 20:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Corel Photo Album
[2006/11/02 20:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\CyberLink
[2006/11/02 22:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Google
[2006/10/31 21:57:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\*****\Application Data\Gtek
[2009/03/15 20:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Help
[2008/11/24 22:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\HP
[2012/04/22 23:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\HPAppData
[2010/05/12 19:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\HpUpdate
[2004/08/10 14:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Identities
[2006/10/31 21:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Intel
[2008/10/20 19:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Interwise
[2006/11/02 19:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Leadertech
[2008/04/14 18:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\LimeWire
[2006/11/02 21:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Macromedia
[2009/08/27 21:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Malwarebytes
[2011/03/17 16:13:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\*****\Application Data\Microsoft
[2012/03/06 16:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Mozilla
[2009/12/29 19:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\NCH Swift Sound
[2009/03/31 18:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Nuance
[2010/03/22 10:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Real
[2006/11/02 19:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Sonic
[2008/01/26 20:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Sun
[2006/10/31 21:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Symantec
[2006/11/17 21:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Template
[2011/05/21 18:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Yahoo!

< %APPDATA%\*.exe /s >
[2008/02/09 16:26:55 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\*****\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
[2010/12/14 20:16:37 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\*****\Application Data\Real\Update\setup3.13\setup.exe
[2011/01/23 22:34:09 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\*****\Application Data\Real\Update\setup3.14\setup.exe
[2011/07/20 11:13:35 | 000,308,864 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\*****\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe

< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/07/13 20:03:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/07/13 20:03:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/13 20:03:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/13 20:03:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/14 01:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/14 01:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 06:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\i386\autochk.exe
[2004/08/04 06:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\i386\beep.sys
[2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\*****\Local Settings\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\*****\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX1\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\*****\Local Settings\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\*****\Local Settings\Temp\RarSFX1\h\explorer.exe

< MD5 for: IMM32.DLL >
[2008/04/14 01:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/14 01:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 06:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\i386\imm32.dll
[2004/08/04 06:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 17:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 11:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2009/03/21 14:54:07 | 000,989,184 | ---- | M] (Microsoft Corporation) MD5=80202858D245FF07DAA1739C57A3E19B -- C:\WINDOWS\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[2004/08/04 06:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\i386\kernel32.dll
[2004/08/04 06:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
[2007/04/16 16:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtUninstallKB959426_0$\kernel32.dll
[2009/03/21 15:18:57 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=B6ACAED7588295129791E0E6A2B0FADE -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 15:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[2009/03/21 15:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 15:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/14 01:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/14 01:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2006/07/05 11:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2009/03/21 14:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 18:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 18:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 06:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\i386\mswsock.dll
[2004/08/04 06:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 18:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 18:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 01:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 01:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 18:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 18:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 06:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004/08/04 06:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NTFS.SYS >
[2007/02/09 12:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 12:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 20:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 20:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/04 06:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\i386\ntfs.sys
[2004/08/04 06:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/14 01:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/14 01:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 06:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\i386\ntmssvc.dll
[2004/08/04 06:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 06:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\i386\proquota.exe
[2004/08/04 06:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 01:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 01:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 06:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\i386\qmgr.dll
[2004/08/04 06:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 01:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 01:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 01:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 06:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\i386\sfcfiles.dll
[2004/08/04 06:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 01:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/14 01:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 14:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2005/06/11 01:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/14 01:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008/04/14 01:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2005/06/11 00:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\i386\spoolsv.exe
[2005/06/11 00:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/14 01:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/14 01:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 06:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\i386\srsvc.dll
[2004/08/04 06:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 06:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\i386\termsrv.dll
[2004/08/04 06:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/14 01:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/14 01:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX1\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\*****\Local Settings\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\*****\Local Settings\Temp\RarSFX1\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 06:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\i386\ws2_32.dll
[2004/08/04 06:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/14 01:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/14 01:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 06:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\i386\xmlprov.dll
[2004/08/04 06:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/04/22 10:11:39 | 000,032,072 | ---- | M] () -- C:\WINDOWS\system32\drivers\mbamchameleon.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB57769$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Contents of Extras.txt
OTL Extras logfile created on: 23/04/2012 18:47:16 - Run 1
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\*****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

502.37 Mb Total Physical Memory | 68.98 Mb Available Physical Memory | 13.73% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.42% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.68 Gb Total Space | 22.24 Gb Free Space | 42.22% Space Free | Partition Type: NTFS
Drive D: | 17.21 Gb Total Space | 13.35 Gb Free Space | 77.58% Space Free | Partition Type: NTFS

Computer Name: BRID | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{192257C2-CBBD-4013-BD7B-9504611AF721}" = AVG 2011
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 26
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}" = Mouse Suite for Laptop Computers
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4421C89-1F2F-479D-AED1-27ACBF1310E8}" = BTOffer
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ARO 2011_is1" = ARO 2011
"AT&T Connect Participant" = AT&T Connect Participant
"AVG" = AVG 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Uninstall Utility" = McAfee Uninstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MIXERLITE" = Mixer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Powerbullet Presenter free v1.35_is1" = Powerbullet Presenter
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/04/2012 16:57:36 | Computer Name = BRID | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 22/04/2012 16:57:36 | Computer Name = BRID | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 22/04/2012 16:59:20 | Computer Name = BRID | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 22/04/2012 16:59:21 | Computer Name = BRID | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 22/04/2012 17:50:22 | Computer Name = BRID | Source = JavaQuickStarterService | ID = 1
Description =

Error - 22/04/2012 18:10:37 | Computer Name = BRID | Source = JavaQuickStarterService | ID = 1
Description =

Error - 22/04/2012 18:23:05 | Computer Name = BRID | Source = JavaQuickStarterService | ID = 1
Description =

Error - 22/04/2012 18:46:13 | Computer Name = BRID | Source = JavaQuickStarterService | ID = 1
Description =

Error - 23/04/2012 10:29:21 | Computer Name = BRID | Source = JavaQuickStarterService | ID = 1
Description =

Error - 23/04/2012 13:22:24 | Computer Name = BRID | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 23/04/2012 13:24:19 | Computer Name = BRID | Source = Service Control Manager | ID = 7003
Description = The TCP/IP Protocol Driver service depends on the following nonexistent
service: IPSec

Error - 23/04/2012 13:24:19 | Computer Name = BRID | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1075

Error - 23/04/2012 13:24:55 | Computer Name = BRID | Source = Service Control Manager | ID = 7003
Description = The TCP/IP Protocol Driver service depends on the following nonexistent
service: IPSec

Error - 23/04/2012 13:24:55 | Computer Name = BRID | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1075

Error - 23/04/2012 13:26:11 | Computer Name = BRID | Source = Service Control Manager | ID = 7003
Description = The TCP/IP Protocol Driver service depends on the following nonexistent
service: IPSec

Error - 23/04/2012 13:26:11 | Computer Name = BRID | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1075

Error - 23/04/2012 13:29:24 | Computer Name = BRID | Source = Service Control Manager | ID = 7003
Description = The TCP/IP Protocol Driver service depends on the following nonexistent
service: IPSec

Error - 23/04/2012 13:29:24 | Computer Name = BRID | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%1075

Error - 23/04/2012 13:32:00 | Computer Name = BRID | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 23/04/2012 14:32:01 | Computer Name = BRID | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402


< End of report >



#2
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, dbid!

I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert, so please expect a delay between my posts.

These instructions are specifically designed for dbid only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Whilst I am reviewing your log please run the following tool:


Step 1

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.



On completion of the scan click save log, save it to your desktop and post it in your next reply.



Things I want to see in your next reply

  • aswMBR.txt


#3
dbid


    Member

  • Topic Starter
  • Member
  • 14 posts
I have run the Avast scan now, but as my internet connection is not working, I had to copy Avast from another computer and so cannot add the definitions. I have included the Avast scan log as an attachment. Thank you.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 21:23:50
-----------------------------
21:23:50.968 OS Version: Windows 5.1.2600 Service Pack 3
21:23:50.968 Number of processors: 2 586 0xE08
21:23:50.968 ComputerName: **** UserName:
21:23:55.531 Initialize success
21:24:11.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:24:11.359 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 74881MB BusType: 3
21:24:11.390 Disk 0 MBR read successfully
21:24:11.390 Disk 0 MBR scan
21:24:11.390 Disk 0 unknown MBR code
21:24:11.390 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
21:24:11.406 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53944 MB offset 160650
21:24:11.406 Disk 0 Partition - 00 0F Extended LBA 17618 MB offset 110655720
21:24:11.421 Disk 0 Partition 3 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 146737710
21:24:11.453 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 17618 MB offset 110655783
21:24:11.453 Disk 0 scanning sectors +153340425
21:24:11.531 Disk 0 scanning C:\WINDOWS\system32\drivers
21:24:37.671 Service scanning
21:25:21.984 Modules scanning
21:25:35.234 Disk 0 trace - called modules:
21:25:35.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:25:35.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82bd58c8]
21:25:35.281 3 CLASSPNP.SYS[f8544fd7] -> nt!IofCallDriver -> \Device\0000006e[0x82be3f18]
21:25:35.281 5 ACPI.sys[f83ab620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82bd7030]
21:25:35.281 Scan finished successfully
21:26:25.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\*****\Desktop\MBR.dat"
21:26:25.734 The log file has been saved successfully to "C:\Documents and Settings\*****\Desktop\aswMBR.txt"


#4
dbid


    Member

  • Topic Starter
  • Member
  • 14 posts
Any help would be greatly appreciated. If you cannot help, could I delete my posts from this forum please?
Thank you

#5
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send you a download link to this e-mail address) to your desktop.
  • Install and run the program.
    • Double-click on the file USBVaccine.zip located on your desktop.
    • A file viewer will open. Double-click on the file USBVaccineSetup.exe. Please select Yes if you are asked if you want to allow the program to make changes to the computer.
    • Follow the steps on screen to install the program on your computer.
  • Plug in your USB drive and click on Vaccinate USB and Vaccinate Computer.

Step 2

Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):

  • J2SE Runtime Environment 5.0 Update 6
  • Java™ 6 Update 5
  • LiveUpdate 2.6 (Symantec Corporation)
  • McAfee Uninstaller


Step 3

  • Save this file to your desktop: fix.txt (attached file)
  • Run OTL.
  • Drag and drop fix.txt into the Custom Scans and Fixes box.
  • If you cannot drag and drop for some reason then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your desktop.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and check the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 4

Download the McAfee Removal Tool to your desktop.

Run the tool to remove McAfee.

After this, please restart your computer.


Step 5

The minimum amount of RAM recommended for Windows XP is 512MB.

  • Please visit Crucial System Scanner.
  • Check the box to agree with the Terms and Conditions and click Download the Scanner.
  • Run the scanner and it will suggest RAM modules which you can consider buying to increase the amount of RAM you have.
I recommend you invest in a RAM module in the near future because it can help to increase your computer speed.


Step 6

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • FSS.txt


#6
dbid


    Member

  • Topic Starter
  • Member
  • 14 posts
Hi, thank you for all your help. I could not run a Crucial scan as my internet connection is not working. There is a problem with Winsock, so if you could advise me on that also, I would be extremely grateful.
Please find the following below - OTL Fix Log, OTL.txt, FSS.txt
Thanks again


•OTL Fix Log
All processes killed
========== OTL ==========
Service RkHit stopped successfully!
Service RkHit deleted successfully!
File C:\WINDOWS\system32\drivers\RKHit.sys File not found not found.
Service mfeavfk01 stopped successfully!
Service mfeavfk01 deleted successfully!
File Device\mfeavfk01.sys File not found not found.
Service mfesmfk stopped successfully!
Service mfesmfk deleted successfully!
C:\WINDOWS\system32\drivers\mfesmfk.sys moved successfully.
Service mferkdk stopped successfully!
Service mferkdk deleted successfully!
C:\WINDOWS\system32\drivers\mferkdk.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cdEaqoYrltbao.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe \ not found.
Item C:\WINDOWS\system32\svchost.exe is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\ not found.
File 0iocrb1h.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\ not found.
File 0iocrb1h.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1f2cff4-23cd-11de-adc2-0015c5badd08}\ not found.
File 0iocrb1h.cmd not found.
SSHNAS removed from NetSvcs value successfully!
C:\WINDOWS\stinger.sys moved successfully.
C:\Program Files\stinger folder moved successfully.
C:\Documents and Settings\*****\Desktop\stinger sunday.exe moved successfully.
C:\Documents and Settings\*****\Desktop\stinger sunday.opt moved successfully.
File C:\WINDOWS\stinger.sys not found.
File C:\Documents and Settings\*****\Desktop\stinger sunday.exe not found.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\pfioahpvsu.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\Pq1AbpuK0.dat moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\3707e7x82801v345n742586p5s3h1gq4 moved successfully.
C:\Documents and Settings\All Users\Application Data\3707e7x82801v345n742586p5s3h1gq4 moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\psmx.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ftnm.exe moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\xqnp.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\cwlk.exe moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\cwdj.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ctdm.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\bjfq.exe moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\xpkb.exe moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\15ho16v480qtjopuusb031qp2362v1q moved successfully.
C:\Documents and Settings\All Users\Application Data\15ho16v480qtjopuusb031qp2362v1q moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\pewu.exe moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\ofss.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\mtuf.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\jcqp.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ckkt.exe moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\ckey.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\prat.exe moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\posp.exe moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\ux28k8k70xg6ehd13ev2e moved successfully.
C:\Documents and Settings\All Users\Application Data\ux28k8k70xg6ehd13ev2e moved successfully.
C:\Documents and Settings\*****\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 moved successfully.
C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 moved successfully.
C:\Documents and Settings\All Users\Application Data\AVAST Software folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\setb0.tmp deleted successfully.
C:\WINDOWS\002809_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"EnableFirewall"|"1" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"DoNotAllowExceptions"|"1" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\"DisableNotifications"|"0" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall"|"1" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"DoNotAllowExceptions"|"1" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"DisableNotifications"|"0" /E : value set successfully!
========== FILES ==========
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
File\Folder C:\WINDOWS\System 32\drivers\inspec.sys not found.
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\*****\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\*****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 21586982 bytes
->Temporary Internet Files folder emptied: 465234048 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 15450 bytes

User: All Users

User: *****
->Temp folder emptied: 208202614 bytes
->Temporary Internet Files folder emptied: 295173854 bytes
->Java cache emptied: 2842643 bytes
->Google Chrome cache emptied: 6138516 bytes
->Flash cache emptied: 267695 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 13198565 bytes
->Flash cache emptied: 8781 bytes

User: NetworkService
->Temp folder emptied: 208 bytes
->Temporary Internet Files folder emptied: 190649076 bytes
->Flash cache emptied: 2200 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 361210169 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 176284 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35876 bytes
RecycleBin emptied: 28679144 bytes

Total Files Cleaned = 1,520.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.41.0 log created on 04262012_191949

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0QUMB20H\cardmaking_and_scrapbooking;cat=14339;cat=11788;cat=33875;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=16499;ite[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0QUMB20H\keywords;kw=album;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=11233;items=83792;sz=728x90;tile=1;ord=1237138073[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PIZWP6F\cardmaking_and_scrapbooking;cat=14339;cat=11788;cat=33875;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=16499;ite[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PIZWP6F\cardmaking_and_scrapbooking;cat=14339;cat=11788;cat=33875;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=16499;ite[2].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0PIZWP6F\__hen-night-book_W0QQType28035aZHenStagNightsfcc93f6bQQ_dmptZUKQ5fHomeQ5fGardenQ5fCelebrationsQ5fOccasionsQ5fETQQ_flnZ1QQ_ssovZ1QQ_trksidZp3286Q2ec0Q2em282[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0J7ZISXL\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNJREVOVElGSUVSBGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbG0EaXNleHQDMARpdANzaG9ydGN1dHM6L3VzL2luc3RhbmN[1].adNoOp&fr=csc_ymailm&modid=none not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0J7ZISXL\cardmaking_and_scrapbooking;cat=14339;cat=11788;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=75572;items=163965;[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0J7ZISXL\Enchanted-Keepsakes_Hen-Stag-Nights-hen-night-book_W0QQftsZ1QQsaselZ159435071QQsatitleZHenQ20Q26Q20StagQ20NightsQ20henQ20nightQ20bookQQsofpZ0QQ_trksidZp3286.c0[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0J7ZISXL\fgAdyTsOwjAMgGGzMHKTxiZVAmVgYmFgZ0NW5D5QH1FilJv0mlwBle3_9H-f18cKKxz2OwiJW33lT4zjIBl61XhBLKWYkIRV2iWNkrMJy4T3WSWFnudObqyMw8SdZLRoic5Izjb_IlcfyVLjar-x2kbl3cmbd-wAfg__[1].jpg not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DUZGXEN\;sdccat=96425;kw=hen+night+cheap+album+memories+book;cnt=gb;page=xdn;gen=null;type=null;tile=4;loc=top;zr=n;ct=;u=tJMSxn1FNq_DSSM_96425_6_;;dcove=d;sz=300x250;abr=!ie;or[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DUZGXEN\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNJREVOVElGSUVSBGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbG0EaXNleHQDMARpdANzaG9ydGN1dHM6L3VzL2luc3RhbmN[1].adNoOp&fr=csc_ymailm&modid=none not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DUZGXEN\cAB731RydBrDNIa521gYcjOLk1NzchLzUvNLixkySkoKrPT1jQws9CzN9IxN9AyNjfSLS_KLUuMzcxPTU4v1HXMT81IS432T3VNT9R19neOdM1KLiiqd8_Ozk4A43jEnqTQ33tc7xD3e0NRAL6sgnYEBAA__[1].jpg not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DUZGXEN\cardmaking_and_scrapbooking;cat=14339;cat=11788;cat=33875;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=16499;ite[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DUZGXEN\cardmaking_and_scrapbooking;cat=14339;cat=11788;cat=33875;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=16499;ite[2].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DUZGXEN\click,fstgADCtCACOwBsA9w0JAAIADAAAAP8AAAAHCwIAAgMy8gwAOisHAH37DAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ[1].php%3Fn%3Dae8f7aa5%26zoneid%3D4%26cb%3Dinsert_random_number_here,;ord=1236422040 not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DUZGXEN\keywords;kw=hen+night+book;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=16086;items=72;sz=728x90;tile=1;ord=1237[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\0DUZGXEN\keywords;kw=hen;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=11700;items=18823;sz=728x90;tile=1;ord=123713794243[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\09YJW9AR\adlink%7C500%7C1253279%7C0%7C170%7CAdId%3D2163632%3BBnId%3D3%3Bitime%3D444168457%3Bkey%3Dkey1%2Bkey2%2Bkey3%2Brsi%3D10040%2Brsi%3D10057%2Brsi%3D10078%2B%3Blink%3D;ord=44[1] not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\09YJW9AR\cardmaking_and_scrapbooking;cat=14339;cat=11788;cat=33875;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=16499;ite[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\09YJW9AR\click,VaUDALT3BwCm4xkAu94HAAIABmgAAP8AAAAEDwIABgKMrgEAoFsLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI7-wEkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D15m51jffb%2FM%3D715481[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\09YJW9AR\keywords;kw=album;cat=625;dcopt=ist;seg=GL_Unidentified_User;seg=GL_GenderUnknown_Mar06;seg=GL_Buyers_GMB_0to50_last90days;tcat=43478;items=2549;sz=728x90;tile=1;ord=123[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Internet Files\Content.IE5\09YJW9AR\showletter;_ylc=X3oDMTUxNzA2YmRzBEFjdGlvbgNWaWV3IG1lc3NhZ2UESW50bAN1cwRMbmtUeXADUmVndWxhcgRQYXJ0VHlwZQNZYWhvbyEEUmVzUG9zQQMxBFJlc1Bvc1IDMQRTcmNoQ3VycgNtZXNzYWdlBFNyY2hEZ[1].htm not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 7 for T.P. Folders 1 2 3 (Flow Diagrams and Evaluations).zip\T.P. Folders 1 2 3 (Flow Diagrams and Evaluations)\TP 2 *****\Integrated Flow Diagrams TP 2 *****\Australia_Week4_integratedflowdiagr not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 7 for 3rd Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons week 2\Tuesday\28thApril_Gaeilge2_bdinan.doc not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 6 for 3rd Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons week 2\Wednesday\29April_English2_bdinan.doc not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 5 for 3rd Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons Week 1\Friday\24April_VisualArt_bdinan.doc not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 4 for 3rd Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons week 2\Friday\01May_History2_bdinan.doc not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 3 for T.P. Folders 1 2 3 (Flow Diagrams and Evaluations).zip\T.P. Folders 1 2 3 (Flow Diagrams and Evaluations)\TP 2 *****\Integrated Flow Diagrams TP 2 *****\Italy_Week3_integratedflowdiagram_b not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 3 for 3rd+Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons Week 1\Icarus\Pics Animals (small).docx not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 3 for 3rd Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons week 2\Wednesday\14May_English2_bdinan.doc not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 2 for T.P. Folders 1 2 3 (Flow Diagrams and Evaluations).zip\T.P. Folders 1 2 3 (Flow Diagrams and Evaluations)\TP 2 *****\Integrated Flow Diagrams TP 2 *****\Ireland_Week2_integratedflowdiagram not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 2 for 3rd Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons week 2\Wednesday\29April_English2_bdinan.doc not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 13 for 3rd Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons Week 1\Icarus\Use This One - The story of Icarus and Daedal not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 12 for 3rd Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons week 2\Thursday\30April_History_bdinan.doc not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 10 for T.P. Folders 1 2 3 (Flow Diagrams and Evaluations).zip\T.P. Folders 1 2 3 (Flow Diagrams and Evaluations)\TP 2 *****\Integrated Flow Diagrams TP 2 *****\Ireland_Week2_integratedflowdiagra not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 1 for 3rd+Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons Week 1\Icarus\Use This One - The story of Icarus and Daedalu not found!
File\Folder C:\Documents and Settings\*****\Local Settings\Temp\Temporary Directory 1 for 3rd Class_Weather1_Weather2_Food_Australia.zip\3rd Class_Weather1_Weather2_Food_Australia\Lessons TP1 Weeks 1-4\Lessons Week 1& 2\Lessons week 2\Wednesday\14May_English2_bdinan.doc not found!

Registry entries deleted on Reboot...



•OTL.txt
OTL logfile created on: 26/04/2012 19:48:54 - Run 2
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Documents and Settings\*****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

502.37 Mb Total Physical Memory | 20.28 Mb Available Physical Memory | 4.04% Memory free
1.20 Gb Paging File | 0.58 Gb Available in Paging File | 48.41% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.68 Gb Total Space | 23.37 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
Drive D: | 17.21 Gb Total Space | 13.35 Gb Free Space | 77.58% Space Free | Partition Type: NTFS
Drive E: | 702.52 Mb Total Space | 622.91 Mb Free Space | 88.67% Space Free | Partition Type: UDF

Computer Name: BRID | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\interwise\participant\pull.exe (AT&T Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset .exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\AVG Secure Search\iGearedHelper.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files\interwise\participant\IwReg.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()


========== Win32 Services (SafeList) ==========

SRV - (VAIOMediaPlatform-VideoServer-UPnP) -- %systemroot%\system32\PTproct.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NTPASp50) -- C:\WINDOWS\system32\drivers\NtpaSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=5061031
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=5061031
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=5061031
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row&channel=ie&ibd=5061031
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\SearchScopes,DefaultScope = {A131B419-DE4F-4CA9-844A-94D1A75DC5C2}
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\SearchScopes\{8B31CEF1-67C5-4915-983D-2D16B0611BC7}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-10 10:35:25&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\SearchScopes\{A131B419-DE4F-4CA9-844A-94D1A75DC5C2}: "URL" = http://www.google.ie...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\SearchScopes\{B8DEB18F-AE7A-4851-9E04-D34F4FE898B3}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\SearchScopes\{CFD859C2-C194-442A-B7D6-0CAD0CF7BF06}: "URL" = http://uk.search.yah...f-8&fr=chr-yie8
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 16:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/22 10:29:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 11:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/05 17:44:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 16:09:59 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\*****\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: No name found = C:\Documents and Settings\*****\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2012/04/24 19:07:33 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe File not found
O4 - HKLM..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r File not found
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe (Dell Inc)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
O4 - HKLM..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini File not found
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless File not found
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" File not found
O4 - HKLM..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start File not found
O4 - HKLM..\Run: [PMX Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup File not found
O4 - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting .exe File not found
O4 - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found
O4 - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Push Client.LNK = C:\Program Files\interwise\participant\pull.exe (AT&T Inc.)
O4 - Startup: C:\Documents and Settings\*****\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3423553026-1073689676-2149870915-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://maps.corkcoco...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49087723-D607-4AE7-A1D8-8477E736CACD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\*****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\*****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 19:19:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 19:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/04/26 19:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2012/04/26 19:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2012/04/26 19:11:44 | 001,832,544 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\*****\Desktop\MCPR.exe
[2012/04/25 16:36:17 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/24 21:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\*****\Application Data\SUPERAntiSpyware.com
[2012/04/24 21:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/24 21:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/24 21:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/24 21:26:12 | 016,111,872 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\*****\Desktop\SUPERAntiSpyware.exe
[2012/04/24 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\*****\My Documents\Simply Super Software
[2012/04/24 18:37:52 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\WINDOWS\System32\ztv7z.dll
[2012/04/23 21:23:21 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\*****\Desktop\aswMBR.exe
[2012/04/23 17:31:20 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\*****\Desktop\WinsockxpFix.exe
[2012/04/23 17:30:42 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\*****\Desktop\OTL.exe
[2012/04/22 09:39:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\*****\Recent

========== Files - Modified Within 30 Days ==========

[2012/04/26 19:46:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3423553026-1073689676-2149870915-1006.job
[2012/04/26 19:41:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 19:41:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/26 19:41:49 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 19:13:03 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\*****\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2012/04/26 19:09:26 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 19:05:14 | 000,337,321 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\FSS.exe
[2012/04/26 19:04:29 | 000,229,672 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\CrucialScan.exe
[2012/04/26 18:51:31 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\McAfee Security Center.lnk
[2012/04/26 18:46:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/25 18:25:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\08-01-2011_182552.job
[2012/04/25 16:36:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/24 21:52:53 | 001,832,544 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\*****\Desktop\MCPR.exe
[2012/04/24 21:47:01 | 000,823,346 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\USBVaccine.zip
[2012/04/24 21:38:27 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/24 19:28:18 | 016,111,872 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\*****\Desktop\SUPERAntiSpyware.exe
[2012/04/24 19:07:33 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/23 21:26:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\MBR.dat
[2012/04/23 21:09:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\*****\Desktop\aswMBR.exe
[2012/04/23 17:25:58 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\gmer.zip
[2012/04/23 17:22:23 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\*****\Desktop\OTL.exe
[2012/04/23 16:25:08 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\*****\Desktop\WinsockxpFix.exe
[2012/04/22 21:59:24 | 000,391,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/22 21:59:24 | 000,058,570 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/22 21:37:10 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\hosts-perm.bat
[2012/04/22 21:28:30 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/04/22 10:11:39 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/22 03:00:02 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Language Model Optimization.job
[2012/04/21 19:20:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/21 19:07:34 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\rkill.com
[2012/04/21 15:19:39 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3423553026-1073689676-2149870915-1006.job
[2012/04/21 14:14:42 | 004,166,057 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\horse matching.pdf
[2012/04/21 14:12:49 | 006,380,752 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\jack in box shape matching.pdf
[2012/04/21 14:08:45 | 002,401,949 | ---- | M] () -- C:\Documents and Settings\*****\Desktop\animals and their homes matching.pdf
[2012/04/21 10:57:29 | 095,812,717 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/20 16:41:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/18 18:58:21 | 000,287,108 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/14 21:15:25 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/13 23:17:04 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/11 22:57:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/26 19:13:03 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\*****\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2012/04/26 19:11:44 | 000,823,346 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\USBVaccine.zip
[2012/04/26 19:11:44 | 000,337,321 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\FSS.exe
[2012/04/26 19:11:44 | 000,229,672 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\CrucialScan.exe
[2012/04/26 19:11:44 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\McAfee Security Center.lnk
[2012/04/24 21:38:27 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/24 21:11:06 | 526,843,904 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/24 18:37:52 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar39.dll
[2012/04/24 18:37:52 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2012/04/24 18:37:52 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2012/04/24 18:37:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2012/04/24 18:37:52 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2012/04/23 21:26:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\MBR.dat
[2012/04/23 17:30:23 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\gmer.zip
[2012/04/22 21:57:54 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\hosts-perm.bat
[2012/04/22 00:18:52 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/04/21 19:07:32 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\rkill.com
[2012/04/21 14:14:42 | 004,166,057 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\horse matching.pdf
[2012/04/21 14:12:49 | 006,380,752 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\jack in box shape matching.pdf
[2012/04/21 14:08:45 | 002,401,949 | ---- | C] () -- C:\Documents and Settings\*****\Desktop\animals and their homes matching.pdf
[2012/04/06 10:27:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3423553026-1073689676-2149870915-1006.job
[2012/02/15 11:00:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/09 17:28:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2011/08/01 20:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2011/08/01 18:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
[2012/03/05 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/11/23 00:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/08/01 19:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/08/01 20:26:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/01 19:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/12/29 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/03/31 17:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/04/26 19:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2009/03/31 17:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/11/18 19:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/06 14:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/28 18:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/12/10 11:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\AVG Secure Search
[2011/08/02 18:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\AVG10
[2008/10/20 19:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Interwise
[2006/11/02 19:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Leadertech
[2008/04/14 18:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\LimeWire
[2009/12/29 19:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\NCH Swift Sound
[2009/03/31 18:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Nuance
[2006/11/17 21:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\*****\Application Data\Template
[2009/09/11 19:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/04/25 18:25:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\08-01-2011_182552.job
[2010/06/28 02:00:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Acoustic Optimization.job
[2012/01/31 02:00:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Data Collection.job
[2012/04/22 03:00:02 | 000,000,530 | ---- | M] () -- C:\WINDOWS\Tasks\NatSpeak Periodic Language Model Optimization.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB57769$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


•FSS.txt
Farbar Service Scanner Version: 24-04-2012
Ran by ***** (administrator) on 26-04-2012 at 20:21:07
Running from "C:\Documents and Settings\*****\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Avgtdix(17) Gpc(6) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x10000000040000000100000002000000030000000F0000000E0000000D0000001100000005000000060000000700000008000000090000000A0000000B0000000C000000
Attention! IpSec Tag value should be 4. Attention! IpSec Tag value is missing and it should be 4.

**** End of log ****
  • 0

#7
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry

  • Download ERUNT.
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed).
  • Install ERUNT by following the prompts.
    (Use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later).
  • Start ERUNT.
    (Either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
  • Choose a location for the backup.
    (The default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked.
  • Press OK.
  • Press YES to create the folder.


Step 2

  • Please go to Start > Run.
  • Type services.msc and click OK.
  • Click on the Internet Connection Sharing (ICS) service.
  • Under startup type select Automatic.
  • Click Apply then OK.

Step 3

  • Download and extract the following files to your desktop: Attached File Services.zip (2.01KB)
  • Please go to Start > Run (alternatively use Windows key+R), type regedit and click OK.
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root.
  • Right-Click Root and select Permissions...
  • Under Security type while Everyone is selected put a checkmark in the box under Allow next to Full Control.
  • Click Apply and OK.
  • Now double-click ipsec.reg, wscsvc.reg and legacy_wscsvc.reg and confirm the prompt.
  • Please go back to the Root key again and, while Everyone is selected, remove the checkmark in the box under Allow next to Full Control and close the registry.

Step 4

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

ipsec.sys

Click the Search Files button and post the log (FSS.txt) it makes to your reply.


Things I want to see in your next reply

  • FSS.txt

  • 0

#8
dbid


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,
I downloaded and ran erunt. I then went to Start>Run and typed in services.msc but on the services list I could not find Internet Connection Sharing (ICS) service. I stopped at this stage as I did not want to continue with the other steps without performing this step. Any help would be greatly appreciated.
Thank you very much
  • 0

#9
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Look for a service called Windows Firewall/Internet Connection Sharing (ICS) instead.

Edited by Nedklaw, 28 April 2012 - 03:31 PM.

  • 0

#10
dbid


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you again. Please find below, as requested, fss.txt


Farbar Service Scanner Version: 24-04-2012
Ran by *****(administrator) on 29-04-2012 at 19:04:10
Microsoft Windows XP Home Edition Service Pack 3 (X86)

************************************************
======== Search: "ipsec.sys" =========

C:\WINDOWS\system32\drivers\ipsec.sys
[2008-09-20 00:53] - [2008-04-13 20:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\system32\dllcache\ipsec.sys
[2008-09-20 00:53] - [2008-04-13 20:19] - 0075264 ____A (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008-09-20 00:53] - [2008-04-13 20:19] - 0075264 ____N (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2009-07-13 20:04] - [2004-08-04 06:00] - 0074752 ____C (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\i386\ipsec.sys
[2006-11-04 21:03] - [2004-08-04 06:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

====== End Of Search ======
  • 0


#11
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Is your internet connection on the computer working now?


Please run Farbar Service Scanner again.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things I want to see in your next reply

  • Answer to my question
  • FSS.txt

  • 0

#12
dbid


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Yes, my internet connection is now working, thank you so much. Is there anything else I should do now? I really appreciate all your assistance.
Please find below as requested fss.txt

Farbar Service Scanner Version: 24-04-2012
Ran by *****(administrator) on 29-04-2012 at 19:48:05
Running from "C:\Documents and Settings\*****\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Avgtdix(17) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x10000000040000000100000002000000030000000F0000000E0000000D0000001100000005000000060000000700000008000000090000000A0000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****
  • 0
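The before/after comparison of the two FSS.txt logs above (26-04-2012 and 29-04-2012), as an added example that is not part of the original thread or of Farbar Service Scanner. The line patterns are inferred from the logs posted here, `parse_fss` and `compare` are hypothetical names, and the two sample inputs are excerpts of those logs.

```python
import re

# Line shapes inferred from the FSS.txt logs posted in this thread (an
# assumption: other Farbar Service Scanner versions may word them differently).
PATTERNS = [
    ("service_stopped", re.compile(r"^(\w+) Service is not running\.")),
    ("key_missing", re.compile(r"Attention! Unable to open (\S+) registry key\.")),
    ("start_type", re.compile(r"^The start type of (\w+) service is set to (\w+)\. "
                              r"The default start type is (\w+)\.")),
    ("file_missing", re.compile(r"^Attention! (.+) is missing\.$")),
    ("tag_missing", re.compile(r"Attention! (\w+) Tag value is missing")),
    ("no_network", re.compile(r"^(Localhost is blocked|There is no connection to network)\.")),
    ("no_network", re.compile(r"^Attempt to access (\w+ IP) returned error")),
]


def parse_fss(text):
    """Return a set of (kind, detail) findings from one FSS.txt log.

    Details are lower-cased so 'IpSec' and 'ipsec' compare equal, and a set is
    used because FSS reports the same missing key once per checked value.
    """
    findings = set()
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                findings.add((kind, "/".join(g.lower() for g in m.groups())))
    return findings


def compare(before_text, after_text):
    """Diff two logs: what the repair fixed, what is still broken, what is new."""
    before, after = parse_fss(before_text), parse_fss(after_text)
    return {
        "resolved": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


# Excerpt of the log dated 26-04-2012 (before the registry repair).
BEFORE = r"""
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
Attention! IpSec Tag value should be 4. Attention! IpSec Tag value is missing and it should be 4.
"""

# Excerpt of the log dated 29-04-2012 (after the repair).
AFTER = r"""
Localhost is accessible.
LAN connected.
Google IP is accessible.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
IpSec Tag value is correct.
"""

if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for bucket in ("resolved", "remaining", "new"):
        print(f"{bucket}:")
        for kind, detail in result[bucket]:
            print(f"  {kind:16} {detail}")
```

An empty "remaining" and "new" list only means FSS no longer reports damage to the services it checks; it says nothing about whether malware is still present, which is why the thread continues with full scans.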

#13
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
We just have to do some scans now to catch any leftover malware.
How is your system running? Are you experiencing any problems?


Step 1

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • MBAM Log
  • log.txt

  • 0

#14
dbid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,
Thank you very much for your continued help and guidance. I really really appreciate it.
My computer seems to be ok now although it is a little slow and I am still getting the following popup:
AVG Resident Shield Alert
Threat detected!
File Name: c:\_OTL\MovedFiles\04262012_191949\C_Documents and Settings\*****\Local Settings\Application Data\pfioahpvsu.exe
Threat name: Trojan Horse FakeAV_s.T (Detected on Open)


Please find below Mbam.txt and Log.txt

Mbam.txt
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: ***** [administrator]

30/04/2012 16:23:19
mbam-log-2012-04-30 (16-23-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219028
Time elapsed: 31 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Log.txt
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f70613e3363e314b8539b382bc7a6c21
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-30 05:47:41
# local_time=2012-04-30 06:47:41 (+0000, GMT Daylight Time)
# country="Ireland"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777173 100 95 4709 78974175 0 0
# compatibility_mode=8192 67108863 100 0 577 577 0 0
# scanned=82352
# found=0
# cleaned=0
# scan_time=5250
  • 0

#15
dbid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,

I also got the following popup:
AVG Resident Shield Alert
Threat detected!
File Name: c:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0005099.sys
Threat name: Trojan horse Cryptic.EAY (Detected on Open)


Any advice would be welcome, Thank you so much
  • 0





