[dowsp]

Up date so far,

I started by testing the bottom half of the options and enabling them, and the computer
seemed to run quite well.

I then selected and enabled the top half... this seemed to be effected and work less well.

I am now down to 3 options that I have selected out of the top half and I did find that
the computer did still show the problems that I initially had when I contacted you.

The options that I am using at the moment that are enabled are as follows.

Java Quick starter, shown as running
K service shown as Stopped
Microsoft Antimalware shown as running

I will have to try each one seperately,

Unless you think that you may have an idea which it is most likely to be..that would
cause flickering of the curser and lock up or freeze pages from closing / opening.

Will take a few more trial tests over the next day or so..

Thank you

Dowsp

[Advertisements]

You can safely disable both of the below services.

Java Quick starter, shown as running
K service shown as Stopped

Unless you think that you may have an idea which it is most likely to be..that would
cause flickering of the curser and lock up or freeze pages from closing / opening.

What browser are you currently using?

[Salagubang]

You can safely disable both of the below services.

Java Quick starter, shown as running
K service shown as Stopped

Unless you think that you may have an idea which it is most likely to be..that would
cause flickering of the curser and lock up or freeze pages from closing / opening.

What browser are you currently using?

[dowsp]

Hi Sal,

I will try and compare the two you suggest I disable...
I am not sure what Java quick start is... YOU did have me change my origional Java.
IS Java quickstart a seperate program ?

I have no idea what K service is !



My main browswer is still IE6 ... I am overall quite happy using it and dont wish to
immediately update to IE 7 or 8...

I also have Firefox which as far as I know has been updated

----------------------------------------
What browser are you currently using?

[Salagubang]

I will try and compare the two you suggest I disable...
I am not sure what Java quick start is... YOU did have me change my origional Java.
IS Java quickstart a seperate program ?

Java Quick Starter enables java to quickload (whenever required) by prefetching part of the program in the memory, even when not in use.

I have no idea what K service is

K service is a bit dodgy as it is a component of a peer to peer programs (p2p) and acts as a server. I don't recommend turning on this service at all.

My main browswer is still IE6 ... I am overall quite happy using it and dont wish to
immediately update to IE 7 or 8...

I also have Firefox which as far as I know has been updated

----------------------------------------
What browser are you currently using?

Funny that you ask since I was going to recommend you use another browser if IE is giving you headaches. Personally I have Firefox and Google installed as a backup (never bothered with IE). For faster and convenient browsing, I recommend Google Chrome. I use firefox only for the add-ons.

[dowsp]

Hi Sal,

From my previous recent replies, I did say that I thought that I may had discovered
which system configuration /services options may had been causing my problem when I switched
certain ones on and off and tested running them.

Well, since then I did try again testing others in more detail..
and some seemed to work in my favour , but lately that no longer seems to be the case.

The problem that I had before seems to be back..

I have even tried switching ALL the options OFF, and I am still getting pages that
freeze up or wont close when I want them to without getting a message that I had to click
, something like "End Now "... and even then pages dont always close, or at least not
for a minute or two after I clicked it.

SO I suspect that the problem may be elsewhere..

I just wondered if you may have any other suggestions or maybe want me to recheck some things.

Thank you

Dowsp

[Salagubang]

Hi dowsp,

What is the make and model of the laptop. Would it be alright if we perform a system recovery?

[dowsp]

Hi Sal,

The Laptop is a Dell Inspiron 510m model..

I have had it about 5 years.

I am not too sure what the system recovery may involve, BUT if you mean to
just go back a week or two to what the computer was like, then that may be ok.

BUT if your suggesting that you can only do system restore back 12months to 5 years ago
then IF possible I would like to consider alternative options.

Thank you
Dowsp

[dowsp]

Hi Sal,

Just checking if you got my reply

Thanks

Dowsp

[Salagubang]

Reviewing the past logs for clue.

Can you please post a fresh OTL log.

[dowsp]

Hi Sal,

I just ran OTL, but it has only created one TXT document...ie OTL.Txt ...

It didnt produce the Extras.txt file for some reason.

Maybe it is because I have my msconfig files disabled..

The OTL.txt file however seems to be very large and I will have to do a lot
of editing before I post it on this forum as there are some parts of the text
I dont really want to show in public.. Id send it via private message if I could,
but I think my mail box is full..so i dont think I can send anything until I delte some
posts.. which Id rather not for now.

Thanks

Dowsp


==============================

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click on Minimal Output at the top

Select All Users

Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"

Double click inside the Custom Scan box at the bottom

A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"

Click the Ok button and navigate to the file scan.txt which we just saved to your desktop

Select scan.txt and click Open. Writing will now appear under the Custom Scan box

Click the
Quick Scan
button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

[Salagubang]

Hi,

You can upload the file at any file hosting website then you may just post the link, i.e., www.mediafire.com. (We'll just delete the link once I've downloaded the file).

[dowsp]

Hi Sal,

I may consider doing that ...

otherwise another alternative may be to ask can I delete some large parts of
the file.. that you may not require, such as theres a large list of my document
files that have some details I dont want to post..This is the largest part that I am having to
delete certain details on each line ..

these type of files as an eg which may take 25 to 30% of the file...

I will keep all other inbetween files included when I post...

thks

Dowsp


[2011/04/12 16:43:38 | 000,012,180 | ---- | M] () -- C:\Documents and Settings\P \My Documents\Lowest House Prices.rtf
[2011/04/12 01:04:01 | 000,006,402 | ---- | M] () -- C:\Documents and Settings\P\My Documents\ personality.rtf
[2011/04/11 22:28:23 | 000,030,770 | ---- | M] () -- C:\Documents and Settings\P \My Documents\Spam Arrest.GIF

Edited by dowsp, 20 April 2011 - 07:37 PM.

[dowsp]

Hi Sal,

I have removed some parts, but most I believe should be valid for you to check.

hope its OK

Cheers

Dowsp

---------------------


OTL logfile created on: 22/04/2011 01:47:42 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\P\Desktop\OTL
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 199.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.43 Gb Total Space | 3.26 Gb Free Space | 9.47% Space Free | Partition Type: NTFS

Computer Name: DGR76K1J | User Name: P | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\P\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe (EMC Dantz)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\SYSTEM32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\SYSTEM32\RegSrvc.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\P\Desktop\OTL\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (KService) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (StumbleUponUpdateService) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)
SRV - (PCToolsFirewallPlus) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (RetroLauncher) -- C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe (EMC Dantz)
SRV - (dlbt_device) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (S24EventMonitor) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe (Intel Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKslb6c8fc90) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{755E24C0-D5CC-4624-BA5B-AC5FCED9BB45}\MpKslb6c8fc90.sys (Microsoft Corporation)
DRV - (pctplfw) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctplfw.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTAppEvent.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys (PC Tools)
DRV - (SFilter) -- C:\WINDOWS\SYSTEM32\DRIVERS\pctfw.sys (PC Tools)
DRV - (is-0GOKVdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\30229470.sys (Kaspersky Lab)
DRV - (Afc) -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys (Arcsoft, Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (ApfiltrService) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\stac97.sys (SigmaTel, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Inc)
DRV - (w70n51) Intel® -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys (THOMSON)
DRV - (HSFHWICH) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.group...oup/dowtimings/
IE - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://finance.group...o.com/group/d/"
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.29
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.0.9
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.0.3

FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2009/02/19 04:25:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/02/19 04:24:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 01:06:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/29 01:06:52 | 000,000,000 | ---D | M]

[2009/02/19 04:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peteri\Application Data\Mozilla\Extensions
[2009/02/19 04:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter \Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/04/08 03:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter \Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\extensions
[2011/02/10 01:07:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peter \Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/10 01:07:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Peter \Application Data\Mozilla\Firefox\Profiles\ejftmv6o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/16 15:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 20:39:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/08 03:24:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/02/19 13:57:30 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\DOCUMENTS AND SETTINGS\PETER \APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}
[2009/02/19 14:00:24 | 000,000,000 | ---D | M] (Web Developer) -- C:\DOCUMENTS AND SETTINGS\PETER \APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}
[2009/02/19 13:55:35 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\DOCUMENTS AND SETTINGS\PETER \APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}
[2009/02/19 13:51:44 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\DOCUMENTS AND SETTINGS\PETER \APPLICATION DATA\FLOCK\BROWSER\PROFILES\2YE63TKW.DEFAULT\EXTENSIONS\SEO4FIREFOX@SEOBOOK.COM
[2011/04/08 03:24:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/05 03:26:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4027630464-2353770844-1092200819-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} http://housecall60.t...all/xscan60.cab (HouseCall Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/US...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\system32\LgNotify.dll - C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\IAC25_32.AX (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\ICCVID.DLL (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.AX (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "KService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe - (TechSmith Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Peter ^Start Menu^Programs^Startup^is-0GOKV.lnk - C:\Documents and Settings\Peter \Desktop\Virus Removal Tool2\is-0GOKV\startup.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Peter ^Start Menu^Programs^Startup^Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Peter ^Start Menu^Programs^Startup^Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE - ()
MsConfig - StartUpReg: 00PCTFW - hkey= - key= - C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
MsConfig - StartUpReg: AOL Spyware Protection - hkey= - key= - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe (AOL Spyware Protection)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Dell Photo AIO Printer 922 - hkey= - key= - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe ()
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: dla - hkey= - key= - File not found
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GoToMeeting - hkey= - key= - C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: PRONoMgr.exe - hkey= - key= - C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpeedTouch USB Diagnostics - hkey= - key= - C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Tesco internet phone - hkey= - key= - C:\Program Files\Tesco internet phone\TescoIP.exe ()
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/04/20 23:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Sett\Application Data\eBookPro6
[2011/04/08 17:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\My Documents\computer help
[2011/04/08 03:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/08 03:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/04/08 03:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/04/08 02:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \Desktop\Java update
[2011/04/05 05:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \Desktop\combofix
[2011/04/05 04:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \My Documents\OTL files
[2011/04/05 03:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \Desktop\Security Check
[2011/04/05 03:29:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/05 03:24:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/05 01:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \Desktop\scantxt2
[2011/04/04 21:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \Desktop\New Folder
[2011/04/04 18:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/04/04 17:47:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\Dial a fix
[2011/04/04 00:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/02 23:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/02 06:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \Desktop\GMER
[2011/04/02 05:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \Desktop\Scan txt
[2011/04/02 04:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \Desktop\OTL
[2011/04/02 04:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/02 04:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/02 04:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \Desktop\Erunt
[2011/03/26 18:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \My Documents\Mar24th11
[2011/03/26 16:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\My Documents\Downloads
[2011/03/26 03:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter \My Documents\The Traffic Thief
[2011/03/25 17:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee

========== Files - Modified Within 30 Days ==========

[2011/04/22 01:14:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/04/22 01:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 23:00:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/21 22:54:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/21 22:53:19 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/21 22:53:07 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/21 22:52:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/21 22:52:49 | 535,064,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/21 22:09:35 | 016,123,604 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/04/21 22:09:31 | 1377,429,536 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/04/20 23:26:36 | 000,000,059 | ---- | M] () -- C:\WINDOWS\ANS2000.INI
[2011/04/20 23:26:34 | 000,000,020 | -H-- | M] () -- C:\WINDOWS\akebook.ini
[2011/04/20 23:26:34 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\a3kebook.ini
[2011/04/20 20:16:25 | 000,006,190 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\As.rtf
[2011/04/20 15:35:25 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2011/04/20 15:27:52 | 000,003,841 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Quantum Teleportation.rtf
[2011/04/16 22:23:04 | 000,000,673 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2011/04/16 15:39:43 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Megabus Man to lon 16th April 2011.bmp
[2011/04/16 03:51:02 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Nat express OLd website.rtf
[2011/04/16 00:30:15 | 000,064,336 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Lon to Heathrow Apr 16th 11.GIF
[2011/04/16 00:02:50 | 000,086,486 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Nat Exp 16th April to 17th 11...3.GIF
[2011/04/15 23:08:02 | 000,037,019 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Nat Exp 16th April to 17th 11.....2.GIF
[2011/04/15 23:04:34 | 000,070,421 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Nat Exp 16th April to 17th 11.GIF
[2011/04/15 22:26:22 | 000,042,074 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\London April 16th 2011.GIF
[2011/04/15 02:50:54 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Area 51 F15 over Arizona.bmp
[2011/04/15 02:39:19 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Underground Tunnel.bmp
[2011/04/14 13:51:39 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Sys config message.bmp
[2011/04/14 01:53:35 | 000,002,781 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Traffic Generation Summit Schedule.rtf
[2011/04/13 04:05:00 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Opportunity Avenue.bmp
[2011/04/12 23:51:34 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Sexy babe.bmp
[2011/04/12 16:43:38 | 000,012,180 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Lowest House Prices.rtf
[2011/04/12 01:04:01 | 000,006,402 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\ personality.rtf
[2011/04/11 22:28:23 | 000,030,770 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Spam Arrest.GIF
[2011/04/10 22:59:57 | 000,098,043 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Cheadle builders.GIF
[2011/04/10 20:17:57 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Chris cobb event.bmp
[2011/04/10 20:15:38 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Jim mcdonald.bmp
[2011/04/10 12:52:39 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\LCS case study 10.bmp
[2011/04/10 12:24:17 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 9.bmp
[2011/04/10 12:23:21 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 8.bmp
[2011/04/10 12:20:32 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 7.bmp
[2011/04/10 12:14:51 | 001,561,734 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 6.bmp
[2011/04/10 12:14:20 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\LCS case study 5.bmp
[2011/04/10 12:12:38 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 4.bmp


[2011/04/10 12:11:26 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 3.bmp
[2011/04/10 12:09:33 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 2.bmp
[2011/04/10 12:08:26 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LCS case study.bmp
[2011/04/10 12:04:38 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\why google local.bmp
[2011/04/10 11:57:57 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\LCS get multiple locations.bmp
[2011/04/10 11:52:14 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LBL..google loc bus opt.bmp
[2011/04/10 11:49:42 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\LPL get google local listing to perform.bmp
[2011/04/10 11:47:53 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Local client solutions..need local listing.bmp
[2011/04/10 11:44:41 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Local client solutions 2.bmp
[2011/04/10 11:42:19 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\Local client solutions.bmp
[2011/04/10 11:41:25 | 000,003,735 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\Local client solutions.rtf
[2011/04/10 11:29:37 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps34.bmp
[2011/04/10 11:19:53 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps33.bmp
[2011/04/10 11:19:25 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gp32.bmp
[2011/04/10 11:17:35 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gp31.bmp
[2011/04/10 11:16:57 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps31.bmp
[2011/04/10 11:16:19 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps30.bmp
[2011/04/10 11:15:11 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps29.bmp
[2011/04/10 11:14:43 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps28.bmp
[2011/04/10 11:12:46 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter y Documents\gps27.bmp
[2011/04/10 11:09:04 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps26.bmp
[2011/04/10 11:08:38 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps25.bmp
[2011/04/10 11:07:32 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps23.bmp
[2011/04/10 11:04:59 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\gps22.bmp
[2011/04/10 11:03:57 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps21.bmp
[2011/04/10 11:03:14 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps20.bmp
[2011/04/10 11:01:32 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps19.bmp
[2011/04/10 10:57:42 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps18.bmp
[2011/04/10 10:54:24 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps16.bmp
[2011/04/10 10:53:45 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps15.bmp
[2011/04/10 10:52:39 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps14.bmp
[2011/04/10 10:49:28 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps13.bmp
[2011/04/10 10:47:00 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps12.bmp
[2011/04/10 10:46:05 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps11.bmp
[2011/04/10 10:42:37 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps10.bmp
[2011/04/10 10:40:29 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps9.bmp
[2011/04/10 10:35:09 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps8.bmp
[2011/04/10 10:32:31 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps7.bmp
[2011/04/10 10:29:59 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps6.bmp
[2011/04/10 10:27:40 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps5.bmp
[2011/04/10 10:26:39 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps4.bmp
[2011/04/10 10:24:21 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gps3.bmp
[2011/04/10 10:21:01 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\gps1.bmp
[2011/04/10 01:14:23 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\lady.bmp
[2011/04/09 23:58:01 | 000,041,073 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Nat exp 9th April 2011 Man to Lon return.GIF
[2011/04/09 23:05:22 | 000,031,958 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Nat express London to Heathrow return 9th April 11.GIF
[2011/04/09 19:38:05 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\GP10.bmp
[2011/04/09 19:20:54 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\gp3.bmp
[2011/04/08 23:41:31 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Stock Market screen.bmp
[2011/04/08 18:54:19 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Mark Vurnum webinar April 8th 11.bmp
[2011/04/08 17:29:47 | 000,013,188 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\MSconfig.rtf
[2011/04/08 05:02:45 | 000,002,296 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\geekstogo instructions.rtf
[2011/04/07 21:59:36 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Local business mastery.bmp
[2011/04/07 20:02:37 | 000,039,696 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Aqua phone no.GIF
[2011/04/07 01:10:36 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 6.bmp
[2011/04/07 01:05:56 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 5.bmp
[2011/04/07 00:57:49 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 4.bmp
[2011/04/07 00:35:02 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 3.bmp
[2011/04/07 00:13:32 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 2.bmp
[2011/04/06 23:16:54 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\Local business Mark vurnum.bmp
[2011/04/06 22:25:12 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Durdle door.bmp
[2011/04/06 22:19:46 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\Dorset Durdle Door Man o war.bmp
[2011/04/06 21:27:13 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\South West England.bmp


[2011/04/05 03:26:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/04/04 20:30:57 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/04/04 20:30:57 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/04/04 05:41:42 | 034,578,376 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\PJKbook.pdf
[2011/04/03 15:04:51 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Peter \g2mdlhlpx.exe
[2011/04/03 01:47:27 | 000,027,867 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\WPmage UN ...
[2011/04/02 09:16:38 | 000,104,783 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\CF msg.GIF
[2011/04/02 07:08:35 | 000,060,339 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\OTL alt.rtf
[2011/04/02 04:43:33 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Peter \Desktop\NTREGOPT.lnk
[2011/04/02 04:43:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Peter \Desktop\ERUNT.lnk
[2011/03/28 06:25:15 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\nanacontinuity.bmp
[2011/03/28 01:53:32 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/03/28 01:53:31 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/03/27 07:28:39 | 000,105,214 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Porter Stansbery.rtf
[2011/03/27 06:34:35 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter My Documents\Gov debt chart.bmp
[2011/03/27 05:02:57 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Products that sell on webinars.bmp
[2011/03/27 04:11:44 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Local business Webinar.bmp
[2011/03/27 04:05:28 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Joel Peterson.bmp
[2011/03/26 22:49:32 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Peter \My Documents\Grand canyon ....bmp

========== Files Created - No Company Name ==========

[2011/04/20 23:26:34 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2011/04/20 23:26:34 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2011/04/20 23:26:34 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini




[2011/04/20 20:16:25 | 000,006,190 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\A.rtf
[2011/04/20 15:27:51 | 000,003,841 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Quantum Teleportation.rtf
[2011/04/16 15:36:35 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Megabus Man to lon 16th April 2011.bmp
[2011/04/16 03:51:01 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Nat express OLd website.rtf
[2011/04/16 00:28:42 | 000,064,336 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Lon to Heathrow Apr 16th 11.GIF
[2011/04/16 00:02:48 | 000,086,486 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Nat Exp 16th April to 17th 11...3.GIF
[2011/04/15 23:06:38 | 000,037,019 | ---- | C] () -- C:\Documents and Settings\Peter y Documents\Nat Exp 16th April to 17th 11.....2.GIF
[2011/04/15 23:02:05 | 000,070,421 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Nat Exp 16th April to 17th 11.GIF
[2011/04/15 22:26:07 | 000,042,074 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\London April 16th 2011.GIF
[2011/04/15 02:50:52 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Area 51 F15 over Arizona.bmp
[2011/04/15 02:38:02 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Underground Tunnel.bmp
[2011/04/14 13:51:38 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Sys config message.bmp
[2011/04/14 01:53:35 | 000,002,781 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Traffic Generation Summit Schedule.rtf
[2011/04/13 04:00:14 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Opportunity Avenue.bmp
[2011/04/12 23:49:59 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Sexy babe.bmp
[2011/04/12 16:43:38 | 000,012,180 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Lowest House Prices.rtf
[2011/04/12 00:31:51 | 000,006,402 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Bullying personality.rtf
[2011/04/11 22:26:54 | 000,030,770 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Spam Arrest.GIF
[2011/04/10 22:56:26 | 000,098,043 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Cheadle builders.GIF
[2011/04/10 20:17:56 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Chris cobb event.bmp
[2011/04/10 20:14:36 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Jim mcdonald.bmp
[2011/04/10 12:27:31 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\LCS case study 10.bmp
[2011/04/10 12:24:16 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 9.bmp
[2011/04/10 12:22:17 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\LCS case study 8.bmp
[2011/04/10 12:16:45 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 7.bmp
[2011/04/10 12:14:51 | 001,561,734 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 6.bmp
[2011/04/10 12:13:32 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 5.bm[2011/04/10 12:12:37 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 4.bmp
[2011/04/10 12:10:26 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 3.bmp
[2011/04/10 12:09:33 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\LCS case study 2.bmp
[2011/04/10 12:08:25 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\LCS case study.bmp
[2011/04/10 12:02:12 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter Documents\why google local.bmp
[2011/04/10 11:57:56 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\LCS get multiple locations.bmp
[2011/04/10 11:51:22 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\LBL..google loc bus opt.bmp
[2011/04/10 11:49:41 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\LPL get google local listing to perform.bmp
[2011/04/10 11:47:02 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local client solutions..need local listing.bmp
[2011/04/10 11:43:07 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local client solutions 2.bmp
[2011/04/10 11:42:18 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local client solutions.bmp
[2011/04/10 11:41:25 | 000,003,735 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local client solutions.rtf
[2011/04/10 11:29:36 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\gps34.bmp
[2011/04/10 11:19:52 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps33.bmp
[2011/04/10 11:18:07 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gp32.bmp
[2011/04/10 11:17:34 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gp31.bmp
[2011/04/10 11:16:56 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps31.bmp
[2011/04/10 11:16:18 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps30.bmp
[2011/04/10 11:15:10 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps29.bmp
[2011/04/10 11:14:42 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\gps28.bmp
[2011/04/10 11:12:45 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter e\My Documents\gps27.bmp
[2011/04/10 11:09:03 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps26.bmp
[2011/04/10 11:08:35 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\gps25.bmp
[2011/04/10 11:07:31 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps23.bmp
[2011/04/10 11:04:57 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\gps22.bmp
[2011/04/10 11:03:56 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps21.bmp
[2011/04/10 11:03:13 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps20.bmp
[2011/04/10 11:01:31 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps19.bmp
[2011/04/10 10:57:41 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps18.bmp
[2011/04/10 10:54:23 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps16.bmp
[2011/04/10 10:53:44 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps15.bmp
[2011/04/10 10:50:54 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps14.bmp
[2011/04/10 10:49:27 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps13.bmp
[2011/04/10 10:46:59 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps12.bmp
[2011/04/10 10:46:04 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps11.bmp
[2011/04/10 10:42:36 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps10.bmp[2011/04/10 10:40:28 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps9.bmp
[2011/04/10 10:35:08 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps8.bmp
[2011/04/10 10:32:30 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps7.bmp
[2011/04/10 10:29:58 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps6.bmp
[2011/04/10 10:27:39 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps5.bmp
[2011/04/10 10:26:38 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps4.bmp
[2011/04/10 10:24:20 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps3.bmp
[2011/04/10 10:20:59 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gps1.bmp
[2011/04/10 01:13:48 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\lady.bmp
[2011/04/09 23:24:28 | 000,041,073 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Nat exp 9th April 2011 Man to Lon return.GIF
[2011/04/09 23:02:31 | 000,031,958 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Nat express London to Heathrow return 9th April 11.GIF
[2011/04/09 19:32:52 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\GP10.bmp
[2011/04/09 19:20:53 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\gp3.bmp
[2011/04/08 23:37:10 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Stock Market screen.bmp
[2011/04/08 18:54:19 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Mark Vurnum webinar April 8th 11.bmp
[2011/04/08 17:53:13 | 535,064,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/08 17:26:36 | 000,013,188 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\MSconfig.rtf
[2011/04/08 05:02:45 | 000,002,296 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\geekstogo instructions.rtf
[2011/04/07 21:59:35 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local business mastery.bmp
[2011/04/07 20:02:35 | 000,039,696 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Aqua phone no.GIF
[2011/04/07 01:07:01 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 6.bmp
[2011/04/07 01:05:55 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 5.bmp
[2011/04/07 00:36:17 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 4.bmp
[2011/04/07 00:15:45 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 3.bmp
[2011/04/06 23:59:35 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum 2.bmp
[2011/04/06 22:42:30 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local business Mark vurnum.bmp
[2011/04/06 22:25:10 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Durdle door.bmp
[2011/04/06 22:18:10 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Dorset Durdle Door Man o war.bmp
[2011/04/06 21:13:53 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\South West England.bmp
[2011/04/06 14:53:34 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/04 05:40:57 | 034,578,376 | ---- | C] () -- C:\Documents and Settings\Pete\My Documents\PJKbook.pdf
[2011/04/03 15:04:49 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Peter \g2mdlhlpx.exe
[2011/04/03 01:43:18 | 000,027,867 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\


[2011/04/02 23:22:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/02 23:22:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/02 23:22:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/02 23:22:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/02 23:22:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe


[2011/04/02 09:16:34 | 000,104,783 | ---- | C] () -- C:\Documents and Settings\Peter My Documents\CF msg.GIF
[2011/04/02 07:08:34 | 000,060,339 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\OTL alt.rtf
[2011/04/02 04:43:33 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Peter ktop\NTREGOPT.lnk
[2011/04/02 04:43:32 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Peter \Desktop\ERUNT.lnk
[2011/03/28 06:24:13 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter e\My Documents\nanacontinuity.bmp
[2011/03/27 07:28:38 | 000,105,214 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Porter Stansbery.rtf
[2011/03/27 06:26:44 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Gov debt chart.bmp
[2011/03/27 04:23:08 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter y Documents\Products that sell on webinars.bmp
[2011/03/27 04:10:51 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Local business Webinar.bmp
[2011/03/27 03:46:50 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter \My Documents\Joel Peterson.bmp
[2011/03/26 22:44:37 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Peter Documents\Grand canyon ....bmp
[2010/08/08 13:05:27 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Peter \Local Settings\Application Data\housecall.guid.cache


[2010/08/08 12:55:51 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti2mzq1.sys
[2010/07/10 20:23:22 | 000,092,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/27 12:31:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/08 23:47:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/12 19:36:00 | 000,007,856 | ---- | C] () -- C:\WINDOWS\extend.dat
[2009/03/28 07:09:50 | 1377,429,536 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/25 05:55:59 | 001,075,840 | ---- | C] () -- C:\Program Files\Google Updater.exe
[2009/02/02 10:22:22 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2008/08/22 18:48:22 | 000,104,416 | ---- | C] () -- C:\Documents and Settings\Peter/\Local Settings\Application Data\Open Source Software Bundle Installer2.exe
[2008/02/11 10:39:26 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 10:39:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 14:53:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008/02/05 09:48:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2007/07/27 15:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 15:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/07/25 14:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 12:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/24 17:18:12 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/11 01:22:03 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Peter \Local Settings\Application Data\fusioncache.dat
[2006/05/01 00:31:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/05/01 00:31:52 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/15 00:48:37 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/02/20 00:10:31 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/02/13 14:12:27 | 000,003,480 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/02/07 09:23:25 | 001,489,920 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2005/12/05 20:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 13:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/10/27 03:22:51 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/10/27 03:22:16 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/10/14 05:19:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/09/12 06:17:19 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Peter \Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/09 23:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/08/09 23:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/14 04:55:10 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Peter \Application Data\dm.ini
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/25 13:59:02 | 000,000,673 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/25 13:57:22 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2005/04/25 13:57:21 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2005/04/25 11:57:10 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\dlbtih.exe
[2005/04/25 11:57:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2005/04/25 11:57:09 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2005/04/25 11:57:09 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2005/04/25 11:57:05 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2005/04/25 11:57:00 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2005/04/17 13:52:47 | 000,000,153 | ---- | C] () -- C:\WINDOWS\aebmark.ini
[2005/04/17 13:08:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\AEBFONT.INI
[2005/04/10 18:54:30 | 000,000,015 | ---- | C] () -- C:\WINDOWS\cfwin.ini
[2005/04/10 18:54:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\cfwinlib.ini
[2005/04/10 17:28:10 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2005/04/04 09:40:17 | 000,000,014 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2005/03/27 15:01:37 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Peter \Application Data\QSPMShare
[2005/03/19 03:14:29 | 000,059,904 | ---- | C] () -- C:\WINDOWS\ShareBarData.dll
[2005/03/16 02:18:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/16 02:16:23 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/16 02:10:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/16 01:56:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/03/16 01:54:58 | 000,443,034 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/03/16 01:54:58 | 000,072,134 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/03/16 01:22:06 | 000,000,366 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/10/15 19:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/01 17:33:46 | 000,000,680 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:08:08 | 000,143,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:03:52 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:02:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 11:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 11:08:26 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/08/04 06:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/04/20 12:08:08 | 000,000,276 | ---- | C] () -- C:\WINDOWS\System32\DLBTPLC.INI
[2004/01/09 11:10:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 03:17:24 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 03:17:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1996/11/17 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1980/01/01 01:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2008/05/26 17:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2006/02/19 03:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2005/04/24 13:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009/03/26 22:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2005/11/27 00:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/21 22:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/03/16 02:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/02/02 08:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\Any Video Converter
[2006/12/28 22:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\CoffeeCup Software
[2011/04/20 23:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\eBookPro6
[2010/09/28 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\FileZilla
[2009/02/19 04:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Application Data\Flock
[2008/04/26 04:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Application Data\HouseCall 6.6
[2009/03/19 07:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\KompoZer
[2005/12/09 22:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\Leadertech
[2006/05/11 01:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\NASA
[2008/06/18 03:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\Nvu
[2008/08/22 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\OSI
[2009/03/31 08:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\PCToolsFirewallPlus
[2009/03/12 06:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\StumbleUpon
[2005/03/27 15:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\Template
[2005/05/29 21:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\Tesco
[2006/02/13 14:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\Thunderbird
[2009/09/23 03:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\uTorrent
[2008/05/31 19:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter \Application Data\Viewpoint
[2011/04/22 01:14:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2011/04/21 23:00:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

[Salagubang]

Reviewing the logs, I found that we missed doing a full system scan for leftover nasties that might find their way back into the system. Lest I forgot again, let us proceed with the system scan.

Download Dr.Web CureIt to the desktop.

• Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, chose the Complete Scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look and see if you can click the following icon next to the files found:
  
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
• This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer to allow files that were in use to be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

[dowsp]

Hi Sal,

OK , I will do that,

But It will be in the next day or two.

Time for me to ZZZ !

Speak later

Dowsp