Hello,

My computer is sending almost as many packets as it is receiving, and seems to regularly be sending packets all day and night. Attached are the following logs:
- Malwarebytes (MBAM)
- GMER
- MBRCheck
- DDS(2 logs)

Thank you for your help.

------------------
Malwarebytes log

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 7796

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/09/2011 16:31:42
mbam-log-2011-09-25 (16-31-42).txt

Scan type: Quick scan
Objects scanned: 189137
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------
GMER


GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-09-25 16:53:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEKT-00F3T0 rev.11.01A11
Running: nvclskrg.exe; Driver: C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\uxlyypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xB8FEE4D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xB8FEE520]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E22F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E22CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E22D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E22CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01F92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01F92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01F92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01F92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Line Detect\DLG.exe[1340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Line Detect\DLG.exe[1340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Line Detect\DLG.exe[1340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Line Detect\DLG.exe[1340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[1488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[1488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[1488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[1488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Pierre and Marielle\My Documents\Downloads\nvclskrg.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Pierre and Marielle\My Documents\Downloads\nvclskrg.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Pierre and Marielle\My Documents\Downloads\nvclskrg.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Pierre and Marielle\My Documents\Downloads\nvclskrg.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00502F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00502CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00502D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00502CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B82F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B82CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B82D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[2800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B82CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[3212] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3796] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3824] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3824] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3824] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3824] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\stsystra.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\stsystra.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\stsystra.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\stsystra.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D82F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D82CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D82D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D82CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00512F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00512CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00512D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00512CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\FileOpenWebPublisherScreenHookDriver \Device\FileOpenWebPublisherScreenHookDriver fowp32.sys

AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat SymSnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

-----------------------

MBRCheck

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-25 16:58:23
-----------------------------
16:58:23.765 OS Version: Windows 5.1.2600 Service Pack 3
16:58:23.765 Number of processors: 2 586 0xE08
16:58:23.765 ComputerName: PT_LAPTOP UserName:
16:58:24.406 Initialize success
16:58:52.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:58:52.765 Disk 0 Vendor: WDC_WD1600BEKT-00F3T0 11.01A11 Size: 152627MB BusType: 3
16:58:54.796 Disk 0 MBR read successfully
16:58:54.812 Disk 0 MBR scan
16:58:54.812 Disk 0 unknown MBR code
16:58:54.812 Disk 0 scanning sectors +312576705
16:58:54.890 Disk 0 scanning C:\WINDOWS\system32\drivers
16:59:09.843 Service scanning
16:59:10.937 Modules scanning
16:59:14.281 Disk 0 trace - called modules:
16:59:14.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:59:14.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5cd310]
16:59:14.296 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a571d98]
16:59:14.296 Scan finished successfully
17:00:28.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pierre and Marielle\Desktop\MBR.dat"
17:00:28.828 The log file has been saved successfully to "C:\Documents and Settings\Pierre and Marielle\Desktop\aswMBR.txt"


----------------------

DDS - DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Pierre and Marielle at 17:04:19 on 2011-09-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1173 [GMT 2:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Program Files\Photodex\ProShow\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: AutorunsDisabled - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInsta nce.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000018.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {0483894e-2422-45e0-8384-021aff1af3cd} - iOpus iMacros
EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000018.dll
EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000018.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WorldClock] "c:\program files\wimsprg\worldclock\wclock30.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [<NO NAME>]
mRun: [WorldClock]
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dig ita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ser vic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD}
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - hxxp://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150629329875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://74.15.184.92:1024/NetCamPlayerWeb11gv2.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F498F5F-EDBE-4EB3-8F8A-FD716D41D6F1} : DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.35 dhcppc2
Hosts: 192.168.1.37 dhcppc4
Hosts: 192.168.1.80 dhcppc1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pierre and marielle\application data\mozilla\firefox\profiles\a15ro5ho.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://uk.my.yahoo.com/|World News - Latest Headlines, Top Stories, Breaking Global News - Wall Street Journal - Wsj.com
FF - plugin: c:\documents and settings\pierre and marielle\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.d ll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.d ll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.d ll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-7-1 16024]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.s ys [2010-8-26 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2010-8-26 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-8-26 212568]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\documents and settings\all users\application data\fileopen\services\FileOpenManagerSvc32.exe [2011-3-9 212352]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-3-1 10448]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sy s [2008-12-1 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-25 366152]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sy s [2008-11-28 35840]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-7-1 220824]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2011-5-11 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapif s.sys [2010-8-26 74968]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2011-5-11 181584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2011-9-25 22216]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2010-5-14 69208]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-7-23 6609920]
S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.s ys [2010-8-26 94040]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30 319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-12-13 198248]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79464]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-12-13 181864]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2009-10-28 583640]
S4 Rx2Agent;Rx2Agent;c:\program files\raxco\perfectspeed20\Rx2Agent.exe [2010-1-21 779528]
S4 Rx2Engine;Rx2Engine;c:\program files\raxco\perfectspeed20\Rx2Engine.exe [2010-1-21 947464]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-23 1174152]
.
=============== Created Last 30 ================
.
2011-09-25 1447 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-25 1447 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-09-25 11:54:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 18:47:41 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-23 17:32:13 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-07-21 12:08:56 72080 ----a-w- c:\documents and settings\pierre and marielle\g2mdlhlpx.exe
2011-07-01 1002 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-07-01 10:55:38 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-07-01 10:55:28 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
2005-09-09 18:55:53 7155864 ----a-w- c:\program files\NGhost10.msi
2004-08-09 21:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
1998-10-01 13:20:58 19904 ----a-w- c:\program files\_ISREG16.DLL
1998-01-12 07:26:40 590064 ----a-w- c:\program files\GCOACHA1.EXE
1997-05-29 08:41:06 12800 ----a-w- c:\program files\VFW1.EXE
.
============= FINISH: 17:05:25.67 ===============
--------------------------

DDS - Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 01/03/2006 13:35:30
System Uptime: 25/09/2011 16:34:37 (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1830/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 29.276 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 76 GiB total, 62.629 GiB free.
F: is Removable
K: is NetworkDisk (NTFS) - 75 GiB total, 51.244 GiB free.
S: is NetworkDisk (NTFS) - 292 GiB total, 177.629 GiB free.
T: is NetworkDisk (NTFS) - 292 GiB total, 177.629 GiB free.
U: is NetworkDisk (NTFS) - 292 GiB total, 177.629 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\14DE0C50314FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\14DE0C50314FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP1570: 27/06/2011 22:03:20 - System Checkpoint
RP1571: 29/06/2011 07:41:34 - System Checkpoint
RP1572: 30/06/2011 12:16:37 - System Checkpoint
RP1573: 01/07/2011 14:02:03 - System Checkpoint
RP1574: 01/07/2011 22:46:41 - Software Distribution Service 3.0
RP1575: 02/07/2011 11:36:15 - Made by Registry Mechanic O
RP1576: 02/07/2011 1638 - Software Distribution Service 3.0
RP1577: 03/07/2011 17:48:52 - System Checkpoint
RP1578: 04/07/2011 20:47:40 - System Checkpoint
RP1579: 04/07/2011 22:59:31 - Made by Registry Mechanic O
RP1580: 05/07/2011 20:39:36 - Made by Registry Mechanic O
RP1581: 07/07/2011 07:33:28 - System Checkpoint
RP1582: 08/07/2011 08:00:04 - System Checkpoint
RP1583: 09/07/2011 10:51:26 - System Checkpoint
RP1584: 10/07/2011 10:54:41 - Installed BlackBerry App World Browser Plugin
RP1585: 11/07/2011 13:10:57 - System Checkpoint
RP1586: 12/07/2011 09:25:01 - Made by Registry Mechanic O
RP1587: 13/07/2011 11:57:32 - System Checkpoint
RP1588: 13/07/2011 12:08:07 - Software Distribution Service 3.0
RP1589: 14/07/2011 1221 - System Checkpoint
RP1590: 15/07/2011 13:32:20 - System Checkpoint
RP1591: 17/07/2011 21:37:00 - System Checkpoint
RP1592: 20/07/2011 19:35:06 - System Checkpoint
RP1593: 21/07/2011 14:08:00 - Made by Registry Mechanic O
RP1594: 22/07/2011 14:23:10 - System Checkpoint
RP1595: 22/07/2011 18:26:01 - Installed Bluetooth Stack for Windows by Toshiba - SP2
RP1596: 22/07/2011 18:32:24 - Removed Bluetooth HID Switch Service
RP1597: 22/07/2011 18:33:33 - Removed Bluetooth Stack for Windows by Toshiba
RP1598: 22/07/2011 18:41:30 - Installed Broadcom 440x 10/100 Integrated Controller
RP1599: 22/07/2011 19:10:59 - Made by Registry Mechanic O
RP1600: 22/07/2011 19:29:09 - Installed Modem Helper
RP1601: 22/07/2011 20:36:02 - Installed Bluetooth Stack for Windows by Toshiba - SP2
RP1602: 23/07/2011 11:10:21 - Removed Modem Helper
RP1603: 23/07/2011 11:18:25 - Made by Registry Mechanic O
RP1604: 23/07/2011 13:02:43 - Installed HiJackThis
RP1605: 23/07/2011 19:49:00 - Installed Intel(R) PROSet/Wireless WiFi Software.
RP1606: 24/07/2011 19:14:39 - Made by Registry Mechanic O
RP1607: 24/07/2011 19:15:01 - Made by Registry Mechanic O
RP1608: 25/07/2011 07:34:52 - Software Distribution Service 3.0
RP1609: 25/07/2011 21:42:30 - Installed FileOpen Client
RP1610: 27/07/2011 06:46:11 - System Checkpoint
RP1611: 28/07/2011 09:33:40 - Made by Registry Mechanic O
RP1612: 29/07/2011 10:06:36 - System Checkpoint
RP1613: 30/07/2011 10:33:35 - System Checkpoint
RP1614: 01/08/2011 07:46:33 - System Checkpoint
RP1615: 02/08/2011 08:09:44 - System Checkpoint
RP1616: 03/08/2011 08:34:45 - System Checkpoint
RP1617: 03/08/2011 18:22:58 - Made by Registry Mechanic O
RP1618: 04/08/2011 19:03:39 - System Checkpoint
RP1619: 05/08/2011 18:52:33 - Installed Macrium Reflect - Free Edition
RP1620: 23/09/2011 23:16:37 - System Checkpoint
RP1621: 25/09/2011 08:14:57 - System Checkpoint
.
==== Installed Programs ======================
.
4Team Sync2
7-Zip 4.57
Adobe AIR
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Setup
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.2
Avanquest update
BlackBerry App World Browser Plugin
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
BufferChm
CCleaner
CDMaster32
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
ContentSAFER for Wizmax
Copernic Desktop Search 2
CP_PLSBusinessFlyers
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
Dell Driver Download Manager
Dell Media Experience
Dell System Restore
DerivaGem 1.52
Destinations
devolo dLAN Configuration Wizard
devolo EasyClean
devolo EasyShare
devolo Informer
Digital Line Detect
Digital Photo Navigator 1.0
Director
DMX Update
DocProc
DocumentViewer
Download Center
DVD Solution
eReg
Extension Changer
FaxTools
FileOpen Client
FileZilla (remove only)
Fund Manager
GoodSync
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 2.0.2
Hoadley Options Strategy Evaluation Tool
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Color LaserJet 2820/2830/2840 2.0
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Detection
HP Software Update
hpp2800usg
hppCLJ2800
hppDustDevil
hppFaxDrv
hppFonts
hppIOFiles
hppManuals2800
hppscan2800
hppScanTo
hppSendFax
hppTooCool
HPSystemDiagnostics
IGNMap OACI 1.0
InstantShare
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Internal Network Card Power Management
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader 8
JAR Ground School
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Kensington PocketScan
LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint 6.20
Macrium Reflect - Free Edition
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 6-9 Converter
MLDownloader
Mozilla Firefox 5.0 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Navigation Computers
NetWaiting
NewzToolz v2.0.1
Norton Ghost 10.0
oDesk Team
OGA Notifier 2.0.0048.0
Opera 11.11
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
PDF-Viewer
PDF-XChange 3.0
PerfectSpeed PC Optimizer
Photodex Presenter
PhotoGallery
PowerDirector Express
PowerDVD
PowerProducer
ProShow
QFolder
QuickSet
QuickTime
Radio Swiss Pop
RealPlayer
Registry Mechanic 9.0
Rhapsody
Rhapsody Player Engine
RideReady - Private and Recreational Pilot
Samsung Media Studio 5
Scan
Security Task Manager 1.7e
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
Skype Toolbars
Skype™ 5.3
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Synology Assistant
System Checkup 3.0
System Requirements Lab for Intel
The Options Toolbox v5.0
TrayApp
TUGZip 3.5
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIPRE Antivirus Premium
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WorldClock 3.0
WYSIWYG Web Builder 5.5
XMind
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
25/09/2011 16:52:06, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
24/09/2011 13:53:47, error: Dhcp [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 0015C546C19C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
23/09/2011 22:06:17, error: Dhcp [1002] - The IP address lease 84.72.77.13 for the Network Card with network address 0015C546C19C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
23/09/2011 20:47:16, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
23/09/2011 20:47:08, error: Print [23] - Printer Lexmark X5100 Series,0 failed to initialize because a suitable Lexmark X5100 Series driver could not be found.
.
==== End Of File ===========================

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================== ======

So far I don't see much...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Hello Broni

I ran Combofix and it ran about 10 steps and then my computer had a BSOD with the following message:

"A problem has been detected and windows has been shut down to prevent damage to your computer. Plug and play detected an error, most likely caused by a faulty driver. Check to make sure that any new hardware or software has been installed....

Technical information: STOP: 0x000000CA (0x00000004, 0x84393030 0x00000000 0x00000000)"

A possible connection is that I have had problems with my wireless LAN and disabled it about two months ago. My computer is a Dell inspiron 9400, and is about 5 years old. Not sure if that may be part of the problem.

I did not try to run Combofix again, and await your input / instructions.

Thanks and regards

Try again.
If still a problem....

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

Here is the ComboFix.txt file:

ComboFix 11-09-26.01 - Pierre and Marielle 26/09/2011 20:26:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1154 [GMT 2:00]
Running from: c:\documents and settings\Pierre and Marielle\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini.inus e
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.47ef97a6.ini
c:\documents and settings\All Users\Application Data\AAUserName.txt
c:\documents and settings\Pierre and Marielle\g2mdlhlpx.exe
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\avp.exe.1ab52568.ini.inuse
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\DMX.exe.d0259252.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\hppusg.exe.fd0c032d.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\hppusg.exe.fd0c032d.ini.in use
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\hpqselsk.exe.a048b05c.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.a935d1e0.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.a804a28f.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\OUTLOOK.EXE.c1b4c359.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\SL30.tmp.47ef97a6.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\SL36.tmp.b7fe872d.ini
c:\documents and settings\Pierre and Marielle\Local Settings\Application Data\ApplicationHistory\UIMain.exe.f56a6b1b.ini
c:\documents and settings\Pierre and Marielle\WINDOWS
c:\program files\Extension Changer\extmain.exe
C:\Thumbs.db
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\iun6002.exe
c:\windows\Readme.txt
c:\windows\system32\cbbdcbcd3_s.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
c:\windows\TEMP\logishrd\LVPrcInj01.dll
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-25 14:21 . 2011-09-25 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-25 14:21 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2011-09-25 11:54 . 2011-05-27 08:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 18:47 . 2011-03-01 08:03 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-23 17:32 . 2011-07-23 17:32 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-07-23 11:02 . 2011-07-23 11:02 388096 ----a-r- c:\documents and settings\Pierre and Marielle\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-01 10:56 . 2011-07-01 10:56 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2011-07-01 10:55 . 2011-07-01 10:55 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys
2011-07-01 10:55 . 2011-07-01 10:55 45208 ----a-w- c:\windows\system32\drivers\psmounter.sys
2005-09-09 18:55 . 2008-11-30 14:48 7155864 ----a-w- c:\program files\NGhost10.msi
2004-08-09 21:30 . 2007-05-06 16:58 40960 ----a-w- c:\program files\Uninstall_CDS.exe
1998-10-01 13:20 . 2007-04-13 08:31 19904 ----a-w- c:\program files\_ISREG16.DLL
1998-01-12 07:26 . 2007-04-13 08:31 590064 ----a-w- c:\program files\GCOACHA1.EXE
1997-05-29 08:41 . 2007-04-13 08:31 12800 ----a-w- c:\program files\VFW1.EXE
2011-09-26 06:04 . 2011-03-25 11:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"WorldClock"="c:\program files\WimsPrg\WorldClock\wclock30.exe" [2010-02-04 174080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-05-11 1353040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-2-23 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Automation Anywhere Event Monitor.lnk]
backup=c:\windows\pss\Automation Anywhere Event Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Automation Anywhere Hotkeys.lnk]
backup=c:\windows\pss\Automation Anywhere Hotkeys.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-09 16:32 58984 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 01:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-10-28 23:32 1352272 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 14:49 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2005-02-07 10:10 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2011-01-12 13:16 1210640 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsMa nager]
2008-02-13 12:02 564496 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 12:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
2005-09-09 18:09 1537648 ----a-w- c:\program files\Norton Ghost\Agent\GhostTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
2004-09-05 15:20 380928 ----a-w- c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PerfectSpeed.exe]
2010-01-21 09:33 7365896 ----a-w- c:\program files\Raxco\PerfectSpeed20\PerfectSpeed.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-10-14 14:43 3217368 ----a-w- c:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-28 19:29 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-12-14 16:19 132624 ------w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-05 05:18 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-11-12 16:57 245760 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"TapiSrv"=3 (0x3)
"Rx2Engine"=3 (0x3)
"Norton Ghost"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"GEARSecurity"=2 (0x2)
"ccSetMgr"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=3 (0x3)
"gupdatem"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ReflectService"=2 (0x2)
"PCToolsSSDMonitorSvc"=2 (0x2)
"Rx2Agent"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"pdfSaver3"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\devolo\\informer\\devinf.exe"=
"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [01/07/2011 12:55 16024]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.s ys [26/08/2010 18:14 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [26/08/2010 18:11 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [26/08/2010 18:11 212568]
R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\documents and settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe [09/03/2011 18:02 212352]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [01/03/2011 10:02 10448]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/09/2011 16:21 366152]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sy s [28/11/2008 14:34 35840]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [01/07/2011 12:55 220824]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [11/05/2011 16:54 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapif s.sys [26/08/2010 18:14 74968]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [11/05/2011 16:54 181584]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [25/09/2011 16:21 22216]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [14/05/2010 09:00 69208]
R3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [29/04/2011 14:15 101720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/11/2009 18:56 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/11/2009 18:56 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10/04/2010 17:05 266544]
S3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [23/07/2011 13:08 6609920]
S3 SbHips;sbhips;c:\windows\system32\drivers\sbhips.s ys [26/08/2010 18:11 94040]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30 319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [28/10/2009 20:00 583640]
S4 Rx2Agent;Rx2Agent;c:\program files\Raxco\PerfectSpeed20\Rx2Agent.exe [21/01/2010 11:33 779528]
S4 Rx2Engine;Rx2Engine;c:\program files\Raxco\PerfectSpeed20\Rx2Engine.exe [21/01/2010 11:33 947464]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-04 c:\windows\Tasks\GoodSync - PT email archive backup.job
- c:\program files\Siber Systems\GoodSync\GoodSync.exe [2010-02-06 02:05]
.
2011-08-04 c:\windows\Tasks\GoodSync - PT email backup.job
- c:\program files\Siber Systems\GoodSync\GoodSync.exe [2010-02-06 02:05]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 16:56]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 16:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://74.15.184.92:1024/NetCamPlayerWeb11gv2.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://uk.my.yahoo.com/|World News - Latest Headlines, Top Stories, Breaking Global News - Wall Street Journal - Wsj.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-WorldClock - (no file)
AddRemove-Navigation Computers1.0 - c:\windows\iun6002.exe
AddRemove-WYSIWYG_Web_Builder_5 - c:\windows\iun6002.exe
.
.
.
************************************************** ************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-09-26 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3163709025-299304780-3033990286-1006\Software\Microsoft\SystemCertificates\Address Book*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders \p* Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofi le\\Application Data\\Intel\\Wireless\\"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'explorer.exe'(9424)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll
c:\program files\Copernic Desktop Search 2\TOOLBA~1.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\hpzipm12.exe
c:\program files\Photodex\ProShow\ScsiAccess.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\stsystra.exe
c:\windows\system32\wbem\unsecapp.exe
.
************************************************** ************************
.
Completion time: 2011-09-26 20:42:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-26 18:42
.
Pre-Run: 31,313,481,728 bytes free
Post-Run: 31,253,221,376 bytes free
.
- - End Of File - - 524DEA7815719C590E14408915492290

Uninstall Registry Mechanic 9.0
Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

=================================================

Combofix log looks good now.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Hello Broni

I will uninstall Reg Mechanic 9. Thanks for the tip.
The OTL.txt file is posted below. There was not an extras.txt file. Is that possible?
Computer is the same as before. Today, until I ran the Combofix.exe, the computer had sent 2,159,617 packets, around 3 times what I had received. Since the combofix run, I have sent 13,818 and received 14,090 packets.
Thanks and regards


------------------------------

OTL logfile created on: 26/09/2011 21:14:18 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Pierre and Marielle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.82% Memory free
3.33 Gb Paging File | 2.86 Gb Available in Paging File | 86.02% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.66 Gb Total Space | 29.15 Gb Free Space | 41.84% Space Free | Partition Type: NTFS
Drive E: | 75.99 Gb Total Space | 62.63 Gb Free Space | 82.42% Space Free | Partition Type: NTFS
Drive F: | 1.88 Gb Total Space | 1.82 Gb Free Space | 96.52% Space Free | Partition Type: FAT
Drive K: | 74.52 Gb Total Space | 51.25 Gb Free Space | 68.77% Space Free | Partition Type: NTFS
Drive S: | 292.17 Gb Total Space | 177.44 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
Drive T: | 292.17 Gb Total Space | 177.44 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
Drive U: | 292.17 Gb Total Space | 177.44 Gb Free Space | 60.73% Space Free | Partition Type: NTFS

Computer Name: PT_LAPTOP | User Name: Pierre and Marielle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 21:12:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre and Marielle\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2011/05/11 17:16:32 | 001,353,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2011/03/09 18:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2011/01/12 15:26:54 | 001,400,832 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/02/04 17:11:24 | 000,174,080 | ---- | M] (Wim Heirman) -- C:\Program Files\WimsPrg\WorldClock\wclock30.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/02 19:46:27 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShow\scsiaccess.exe
PRC - [2005/11/16 23:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/20 16:06:04 | 000,193,904 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\Definitions\libMachoUniv.dll
MOD - [2011/09/20 16:06:02 | 000,210,288 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\Definitions\libBase64.dll
MOD - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2011/01/19 11:20:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\vipre.dll
MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/02 19:46:27 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShow\scsiaccess.exe
MOD - [2006/12/10 21:31:12 | 000,087,800 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\unrar.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (iPod Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/03/09 18:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011/01/12 15:32:06 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011/01/12 15:23:48 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2011/01/12 15:13:16 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/10/28 12:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/01/21 11:33:10 | 000,947,464 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe -- (Rx2Engine)
SRV - [2010/01/21 11:33:08 | 000,779,528 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe -- (Rx2Agent)
SRV - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/22 00:02:44 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/05 19:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/02 19:46:27 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShow\scsiaccess.exe -- (ScsiAccess)
SRV - [2007/01/29 15:16:56 | 001,174,152 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/09 18:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/09 18:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2007/01/09 18:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/09 20:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/09/09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Disabled | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/05/11 16:26:04 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/05 17:35:20 | 000,332,248 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (SbHips)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/10/07 14:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Intel(R)
DRV - [2010/08/24 19:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 19:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 19:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 19:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/10/26 15:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009/08/21 10:33:52 | 000,073,232 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/11/28 14:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2008/10/16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/06 08:11:43 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/07/06 08:11:43 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 2006 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/06 0448 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/06 0437 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2008/02/06 0425 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 04:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/06 04:19:54 | 000,095,384 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2008/02/05 19:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 19:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/13 10:43:28 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/08/06 12:32:02 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/06/13 12:29:28 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/13 11:22:58 | 000,111,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2006/06/09 21:40:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/05/29 13:11:20 | 000,060,672 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006/03/16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/12/04 18:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/29 19:37:44 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/11/29 19:37:44 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2005/11/29 19:37:44 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/11/16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/09 20:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/09/09 20:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/15 01:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/15 00:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 02:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/05 11:46:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = My Yahoo! - Yahoo! UK
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google.com (in English)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.my.yahoo.com/|http://online.wsj.com/public/page/news-global-world.html"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {BCC877E7-7F3F-4632-8338-DAEE4475DE35}:0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/26 08:04:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 21:57:35 | 000,000,000 | ---D | M]

[2010/07/10 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Extensions
[2010/07/10 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/25 13:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions
[2010/03/07 12:03:45 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/05/18 10:06:32 | 000,000,000 | ---D | M] (TableTools) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions\{7C7F5C11-4ACD-4CDB-9293-2E3F46654E2A}
[2011/03/05 13:32:07 | 000,000,000 | ---D | M] (Go To Google) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}
[2010/09/12 09:18:36 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions\LogMeInClient@logmein.com
[2008/06/20 12:51:27 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\ask.xml
[2008/08/04 18:15:28 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\businesscom.xml
[2010/07/20 22:00:15 | 000,005,475 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\googlecom-in-english.xml
[2008/06/20 12:51:26 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\jeeves.xml
[2008/08/06 08:35:59 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\live-search.xml
[2008/05/27 10:28:19 | 000,001,071 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\lonelyplanet.xml
[2008/08/04 18:15:40 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\webster.xml
[2008/08/04 18:13:55 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\wikipedia-eng.xml
[2008/08/04 18:14:04 | 000,001,224 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\yahoo-answers.xml
[2011/06/25 08:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/28 18:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/25 09:12:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/25 10:52:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 07:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/26 18:58:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/25 13:10:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/25 08:38:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/04/25 09:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/14 15:08:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/26 08:04:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/26 08:04:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inpu tEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={la nguage}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gears.d ll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gcswf32 .dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dl l
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgj llcleb\1.2.3.1_0\
CHR - Extension: AdSweep = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\milkhonmecplandlkfbjplfbde njlkmp\2.1.6\

O1 HOSTS File: ([2011/09/26 20:36:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInsta nce.dll (Yahoo! Inc)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Copernic Desktop Search 2) - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\WebBrowser: (Copernic Desktop Search 2) - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll (Copernic Inc.)
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006..\Run: [WorldClock] C:\Program Files\WimsPrg\WorldClock\wclock30.exe (Wim Heirman)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.net/plugins/windo..._5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedIn...derControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} HP Product Detection (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1150629329875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://74.15.184.92:1024/NetCamPlayerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/dev...e/AxLoader.cab (RIM AxLoader)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{7F498F5F-EDBE-4EB3-8F8A-FD716D41D6F1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/01 18:30:26 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Remoteaccess - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/26 21:10:47 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pierre and Marielle\Desktop\OTL.exe
[2011/09/26 20:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/26 20:25:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/26 08:08:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/26 08:06:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/26 08:06:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/26 08:06:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/26 08:06:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/26 08:06:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/26 08:06:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/26 08:02:09 | 004,228,783 | R--- | C] (Swearware) -- C:\Documents and Settings\Pierre and Marielle\Desktop\ComboFix.exe
[2011/09/25 1652 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/25 1647 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/25 1647 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/25 15:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2008/05/12 08:32:41 | 000,017,376 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GT680X.SYS
[2007/04/13 10:31:30 | 000,019,904 | ---- | C] (Stirling Technologies Inc.) -- C:\Program Files\_ISREG16.DLL
[2007/04/13 10:31:25 | 000,012,800 | ---- | C] (HyperCALL Systems Ltd) -- C:\Program Files\VFW1.EXE
[2007/04/13 10:31:22 | 000,590,064 | ---- | C] (Charanga Ltd) -- C:\Program Files\GCOACHA1.EXE
[2004/11/24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/26 21:12:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre and Marielle\Desktop\OTL.exe
[2011/09/26 20:48:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/26 20:40:16 | 000,507,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/26 20:40:16 | 000,098,350 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/26 20:36:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/26 20:35:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/26 20:35:57 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/26 20:35:46 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/09/26 20:35:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/26 20:35:20 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 08:16:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/09/26 08:08:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/26 08:02:14 | 004,228,783 | R--- | M] (Swearware) -- C:\Documents and Settings\Pierre and Marielle\Desktop\ComboFix.exe
[2011/09/25 17:00:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Desktop\MBR.dat
[2011/09/25 15:03:50 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/25 14:54:41 | 000,001,877 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/26 08:08:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/26 08:08:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/26 08:06:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/26 08:06:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/26 08:06:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/26 08:06:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/26 08:06:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/25 17:00:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Desktop\MBR.dat
[2011/09/25 15:03:50 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/23 19:32:13 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/04/18 20:20:17 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\$_hpcst$.hpc
[2011/03/05 14:14:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2011/03/05 14:14:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2011/03/05 14:14:08 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2011/03/05 13:42:41 | 000,053,975 | ---- | C] () -- C:\WINDOWS\hppins01.dat
[2011/03/05 13:42:41 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat
[2009/11/19 15:54:25 | 000,027,371 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft Excel.ADR
[2009/09/29 21:32:24 | 000,012,994 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Comma Separated Values (Windows).CAL
[2009/09/13 13:05:48 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/08/20 08:33:52 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/12/25 17:14:46 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/12/25 17:14:19 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/12/08 22:28:18 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/30 16:48:51 | 007,155,864 | ---- | C] () -- C:\Program Files\NGhost10.msi
[2008/11/30 16:48:51 | 000,000,035 | ---- | C] () -- C:\Program Files\SCSSDist.ini
[2008/11/30 16:48:42 | 037,766,164 | ---- | C] () -- C:\Program Files\Data1.cab
[2008/09/13 10:31:59 | 000,000,121 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\netstat.bat
[2008/08/22 09:02:06 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\dg152.dll
[2008/05/16 08:43:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/05/16 08:43:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/05/12 08:33:31 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2008/05/12 08:33:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ppnthing.dll
[2008/05/12 08:32:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AutoSet.dll
[2008/04/23 12:18:49 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2008/02/11 11:22:30 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/02/11 11:22:29 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008/02/05 19:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/10/06 16:43:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/09/12 10:19:56 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/29 12:46:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/05/12 1025 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/05/12 10:55:22 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/06 18:58:33 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2007/04/13 10:31:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/04/13 10:31:26 | 000,265,702 | ---- | C] () -- C:\Program Files\A1HSTUD.BMP
[2007/04/13 10:31:26 | 000,265,702 | ---- | C] () -- C:\Program Files\A1HPRAC.BMP
[2007/04/13 10:31:26 | 000,000,064 | ---- | C] () -- C:\Program Files\GCOACHA1.LDB
[2007/04/13 10:31:25 | 001,441,792 | ---- | C] () -- C:\Program Files\GCOACHA1.MDB
[2007/04/13 10:31:25 | 000,265,702 | ---- | C] () -- C:\Program Files\A1HREF.BMP
[2007/04/13 10:31:25 | 000,265,702 | ---- | C] () -- C:\Program Files\A1HPRES.BMP
[2007/04/13 10:31:25 | 000,064,846 | ---- | C] () -- C:\Program Files\CHMETRO.MID
[2007/04/13 10:31:25 | 000,000,138 | ---- | C] () -- C:\Program Files\GCOACHA1.INI
[2007/04/13 10:31:20 | 000,004,319 | ---- | C] () -- C:\Program Files\DEISL1.ISU
[2007/03/06 11:50:31 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/02/21 11:45:20 | 000,000,273 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/02/21 11:45:19 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/02/21 11:44:33 | 000,001,025 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/02/08 10:01:44 | 000,000,255 | ---- | C] () -- C:\WINDOWS\GetEmkbm.ini
[2006/10/30 11:30:30 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
[2006/09/13 00:24:09 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/09/09 14:22:32 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/09/06 20:58:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/06 16:01:42 | 000,000,470 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/08/07 13:49:18 | 000,001,022 | ---- | C] () -- C:\WINDOWS\CDMaster.ini
[2006/08/07 13:49:17 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Nviewlib.dll
[2006/08/07 13:49:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/08/07 13:49:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2006/08/07 13:49:16 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\vcedit.dll
[2006/08/07 13:49:16 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/08/07 12:57:51 | 000,144,384 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/02 21:43:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2006/08/02 18:24:22 | 000,000,523 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/01 19:13:39 | 000,007,100 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/01 19:13:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D0CD55272A.sys
[2006/04/25 20:16:03 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/08 08:57:28 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\2A2755CDD0.sys
[2006/04/02 14:52:02 | 000,011,418 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Comma Separated Values (DOS).TSK
[2006/04/02 14:51:14 | 000,038,458 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Comma Separated Values (DOS).ADR
[2006/04/02 14:50:22 | 000,012,972 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Comma Separated Values (DOS).CAL
[2006/03/04 13:28:10 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/01 17:27:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/03/01 15:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/01 15:11:34 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/01 15:10:30 | 000,007,820 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/03/01 14:36:42 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\fusioncache.dat
[2006/02/23 19:47:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/23 19:36:01 | 000,001,253 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/23 19:33:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/23 19:28:56 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/02/23 19:04:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/02/23 19:03:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/02/23 19:03:46 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/02 11:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2005/11/02 11:39:16 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2005/05/04 20:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/21 14:41:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2005/01/20 15:18:56 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2004/11/29 16:43:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/12 07:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 09:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/11 19:24:19 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 001,663,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/11 19:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/11 19:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/11 19:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/11 19:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,507,952 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,098,350 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/14 23:35:29 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\vttdrve.dll
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[1996/08/20 23:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1994/11/18 01:00:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\MSVCRT10.DLL

========== LOP Check ==========

[2008/04/24 14:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/11/29 18:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2008/04/05 11:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/11/30 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/04/23 12:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2009/09/13 14:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/06/21 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2011/07/25 21:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/05/17 11:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fund Manager
[2010/02/10 09:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2009/02/19 09:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2011/07/24 10:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/12/01 09:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/03/28 13:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2006/08/02 15:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2007/02/28 17:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OsaSync
[2008/12/09 09:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/02/05 21:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/11/28 18:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/11/28 18:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/03 18:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/03 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/04/24 14:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2009/10/01 11:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\4Team
[2008/04/24 15:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Acronis
[2008/11/29 18:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Avanquest
[2007/08/20 15:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Blumentals
[2008/05/27 08:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Cloudmark
[2008/12/25 17:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\DataCast
[2009/06/21 14:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\diag
[2011/07/25 21:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\FileOpen
[2011/09/23 22:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Fund Manager
[2011/09/26 10:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\GoodSync
[2009/09/11 15:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\gSyncit
[2011/07/24 10:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\iolo
[2006/07/13 19:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Leadertech
[2007/04/20 10:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\LinkedIn
[2009/04/21 08:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\MailWasherFree
[2006/08/02 15:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\muvee Technologies
[2008/03/20 09:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Netscape
[2009/01/20 21:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\NewzToolz
[2008/08/20 11:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\OfficeUpdate12
[2007/05/17 13:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Opera
[2007/05/02 19:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Photodex
[2010/01/22 12:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Registry Mechanic
[2010/11/25 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\SystemRequirementsLab
[2008/07/03 20:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\TeamViewer
[2010/07/10 12:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Thunderbird
[2009/10/09 15:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\TS_NTD
[2006/08/01 15:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Ulead Systems
[2011/03/25 14:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Uniblue
[2009/02/09 10:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Vocabilis
[2010/12/21 16:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\XMind
[2011/08/04 06:30:09 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\GoodSync - PT email archive backup.job
[2011/08/04 06:00:12 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\GoodSync - PT email backup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/25 09:38:55 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/08/01 18:30:26 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/05/12 08:23:10 | 000,020,520 | ---- | M] () -- C:\bar.emf
[2011/07/17 20:49:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/26 08:08:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2006/08/07 14:19:08 | 000,000,162 | ---- | M] () -- C:\BURNER2.LOG
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/09/26 20:42:06 | 000,023,030 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/08/07 13:58:52 | 000,073,544 | ---- | M] () -- C:\debug.log
[2006/02/23 19:09:32 | 000,005,260 | RH-- | M] () -- C:\dell.sdr
[2011/09/26 20:35:20 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2006/03/01 17:04:37 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/04/23 12:12:16 | 000,000,743 | ---- | M] () -- C:\JavaRa.log
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/01 15:14:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/26 20:35:19 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2007/05/02 19:47:05 | 000,001,435 | ---- | M] () -- C:\photodex-presenter-install.log
[2008/01/19 20:16:08 | 000,001,736 | ---- | M] () -- C:\photodex_dshow.log
[2010/04/08 19:49:42 | 000,004,042 | ---- | M] () -- C:\Rescued document 1.txt
[2007/07/16 08:08:11 | 000,003,616 | ---- | M] () -- C:\Rescued document.txt
[2007/07/04 07:33:38 | 000,035,690 | ---- | M] () -- C:\SBCSTray.log
[2006/10/04 10:07:54 | 000,000,711 | ---- | M] () -- C:\Settings.ini
[2007/08/30 18:10:29 | 002,407,137 | ---- | M] () -- C:\sysinfo.txt
[2011/03/05 13:39:37 | 000,000,743 | ---- | M] () -- C:\updatedatfix.log
[2007/02/15 07:58:12 | 000,000,289 | ---- | M] () -- C:\wpsys.ini
[2008/06/10 13:10:48 | 000,000,152 | ---- | M] () -- C:\YServer.txt
[2006/08/07 13:50:28 | 000,000,013 | RH-- | M] () -- C:\~State.INI

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 19:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpi pelineprintproc.dll
[2004/05/13 13:40:56 | 000,051,712 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP034 .DLL
[2008/10/16 20:35:50 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc. dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.d ll
[2008/07/06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfil terpipelinesvc.exe
[2002/05/14 16:50:34 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint 2000.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/07/17 11:30:50 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[1997/05/11 21:18:56 | 000,265,702 | ---- | M] () -- C:\Program Files\A1HPRAC.BMP
[1997/02/25 10:30:36 | 000,265,702 | ---- | M] () -- C:\Program Files\A1HPRES.BMP
[1997/02/25 12:09:10 | 000,265,702 | ---- | M] () -- C:\Program Files\A1HREF.BMP
[1997/02/25 10:30:56 | 000,265,702 | ---- | M] () -- C:\Program Files\A1HSTUD.BMP
[1997/05/07 17:13:38 | 000,064,846 | ---- | M] () -- C:\Program Files\CHMETRO.MID
[2005/09/09 20:55:52 | 037,766,164 | ---- | M] () -- C:\Program Files\Data1.cab
[2007/04/13 10:32:27 | 000,004,319 | ---- | M] () -- C:\Program Files\DEISL1.ISU
[1998/01/12 09:26:40 | 000,590,064 | ---- | M] (Charanga Ltd) -- C:\Program Files\GCOACHA1.EXE
[2007/04/13 10:31:36 | 000,000,138 | ---- | M] () -- C:\Program Files\GCOACHA1.INI
[2008/12/28 1915 | 000,000,064 | ---- | M] () -- C:\Program Files\GCOACHA1.LDB
[1997/10/27 13:32:56 | 001,441,792 | ---- | M] () -- C:\Program Files\GCOACHA1.MDB
[2005/09/09 20:55:53 | 007,155,864 | ---- | M] () -- C:\Program Files\NGhost10.msi
[1999/02/22 11:22:32 | 000,004,313 | ---- | M] () -- C:\Program Files\README.TXT
[2005/09/09 20:55:53 | 000,000,035 | ---- | M] () -- C:\Program Files\SCSSDist.ini
[2004/08/09 23:30:22 | 000,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe
[1997/05/29 10:41:06 | 000,012,800 | ---- | M] (HyperCALL Systems Ltd) -- C:\Program Files\VFW1.EXE
[1998/10/01 15:20:58 | 000,019,904 | ---- | M] (Stirling Technologies Inc.) -- C:\Program Files\_ISREG16.DLL

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/01 15:23:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/03/01 14:37:16 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/11 19:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/09/26 08:02:14 | 004,228,783 | R--- | M] (Swearware) -- C:\Documents and Settings\Pierre and Marielle\Desktop\ComboFix.exe
[2011/09/26 21:12:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre and Marielle\Desktop\OTL.exe
[2009/10/17 09:50:09 | 036,028,096 | ---- | M] (Raxco Software, Inc. ) -- C:\Documents and Settings\Pierre and Marielle\Desktop\PerfectSpeed.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/03/01 14:37:14 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Pierre and Marielle\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/04/29 18:23:24 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Pierre and Marielle\Cookies\desktop.ini
[2011/09/26 21:10:36 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 02:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 16:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 02:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[2002/07/17 16:22:34 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9497E060
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5694BFB
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CE269

< End of report >

Hello Broni

I will uninstall Reg Mechanic 9. Thanks for the tip.
The OTL.txt file is posted below. There was not an extras.txt file. Is that possible?
Computer is the same as before. Today, until I ran the Combofix.exe, the computer had sent 2,159,617 packets, around 3 times what I had received. Since the combofix run, I have sent 13,818 and received 14,090 packets.
Thanks and regards


------------------------------

OTL logfile created on: 26/09/2011 21:14:18 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Pierre and Marielle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.82% Memory free
3.33 Gb Paging File | 2.86 Gb Available in Paging File | 86.02% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.66 Gb Total Space | 29.15 Gb Free Space | 41.84% Space Free | Partition Type: NTFS
Drive E: | 75.99 Gb Total Space | 62.63 Gb Free Space | 82.42% Space Free | Partition Type: NTFS
Drive F: | 1.88 Gb Total Space | 1.82 Gb Free Space | 96.52% Space Free | Partition Type: FAT
Drive K: | 74.52 Gb Total Space | 51.25 Gb Free Space | 68.77% Space Free | Partition Type: NTFS
Drive S: | 292.17 Gb Total Space | 177.44 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
Drive T: | 292.17 Gb Total Space | 177.44 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
Drive U: | 292.17 Gb Total Space | 177.44 Gb Free Space | 60.73% Space Free | Partition Type: NTFS

Computer Name: PT_LAPTOP | User Name: Pierre and Marielle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/26 21:12:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre and Marielle\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2011/05/11 17:16:32 | 001,353,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
PRC - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
PRC - [2011/03/09 18:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2011/01/12 15:26:54 | 001,400,832 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/02/04 17:11:24 | 000,174,080 | ---- | M] (Wim Heirman) -- C:\Program Files\WimsPrg\WorldClock\wclock30.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/02 19:46:27 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShow\scsiaccess.exe
PRC - [2005/11/16 23:35:16 | 000,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/20 16:06:04 | 000,193,904 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\Definitions\libMachoUniv.dll
MOD - [2011/09/20 16:06:02 | 000,210,288 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\Definitions\libBase64.dll
MOD - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
MOD - [2011/01/19 11:20:14 | 000,308,560 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\vipre.dll
MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/02 19:46:27 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShow\scsiaccess.exe
MOD - [2006/12/10 21:31:12 | 000,087,800 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2005/12/22 17:28:40 | 000,160,768 | ---- | M] () -- C:\Program Files\Sunbelt Software\VIPRE\unrar.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (iPod Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/01 12:55:20 | 000,220,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2011/05/11 16:54:28 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/05/11 16:54:06 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2011/03/09 18:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2011/01/12 15:32:06 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011/01/12 15:23:48 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2011/01/12 15:13:16 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/10/28 12:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/01/21 11:33:10 | 000,947,464 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe -- (Rx2Engine)
SRV - [2010/01/21 11:33:08 | 000,779,528 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe -- (Rx2Agent)
SRV - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/22 00:02:44 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/05 19:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/02 19:46:27 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShow\scsiaccess.exe -- (ScsiAccess)
SRV - [2007/01/29 15:16:56 | 001,174,152 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/09 18:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/09 18:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2007/01/09 18:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/09 20:09:28 | 002,066,024 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2005/09/09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Disabled | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/01 12:55:38 | 000,016,024 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/05/11 16:26:04 | 000,021,592 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/05 17:35:20 | 000,332,248 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,212,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (SbHips)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/10/07 14:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Intel(R)
DRV - [2010/08/24 19:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 19:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 19:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 19:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/10/26 15:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2009/08/21 10:33:52 | 000,073,232 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2008/11/28 14:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2008/10/16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/06 08:11:43 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/07/06 08:11:43 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 2006 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/02/06 0448 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/06 0437 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Deluxe(UVC)
DRV - [2008/02/06 0425 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 04:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/06 04:19:54 | 000,095,384 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2008/02/05 19:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 19:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/13 10:43:28 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/08/06 12:32:02 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/06/13 12:29:28 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/06/13 11:22:58 | 000,111,232 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2006/06/09 21:40:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/05/29 13:11:20 | 000,060,672 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2006/03/16 10:45:12 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:40 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/12/04 18:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/29 19:37:44 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/11/29 19:37:44 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2005/11/29 19:37:44 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/11/16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/09 20:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005/09/09 20:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/15 01:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/15 00:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/13 02:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/08/04 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/05 11:46:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = My Yahoo! - Yahoo! UK
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google.com (in English)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.my.yahoo.com/|http://online.wsj.com/public/page/news-global-world.html"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {BCC877E7-7F3F-4632-8338-DAEE4475DE35}:0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/26 08:04:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 21:57:35 | 000,000,000 | ---D | M]

[2010/07/10 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Extensions
[2010/07/10 12:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/25 13:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions
[2010/03/07 12:03:45 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/05/18 10:06:32 | 000,000,000 | ---D | M] (TableTools) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions\{7C7F5C11-4ACD-4CDB-9293-2E3F46654E2A}
[2011/03/05 13:32:07 | 000,000,000 | ---D | M] (Go To Google) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}
[2010/09/12 09:18:36 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\ext ensions\LogMeInClient@logmein.com
[2008/06/20 12:51:27 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\ask.xml
[2008/08/04 18:15:28 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\businesscom.xml
[2010/07/20 22:00:15 | 000,005,475 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\googlecom-in-english.xml
[2008/06/20 12:51:26 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\jeeves.xml
[2008/08/06 08:35:59 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\live-search.xml
[2008/05/27 10:28:19 | 000,001,071 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\lonelyplanet.xml
[2008/08/04 18:15:40 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\webster.xml
[2008/08/04 18:13:55 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\wikipedia-eng.xml
[2008/08/04 18:14:04 | 000,001,224 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\Firefox\Profiles\a15ro5ho.default\sea rchplugins\yahoo-answers.xml
[2011/06/25 08:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/28 18:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/25 09:12:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/25 10:52:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/25 07:29:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/26 18:58:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/25 13:10:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/25 08:38:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/04/25 09:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/14 15:08:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/26 08:04:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/26 08:04:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inpu tEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={la nguage}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gears.d ll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gcswf32 .dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\Pierre and Marielle\Application Data\Mozilla\plugins\npPxPlay.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dl l
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgj llcleb\1.2.3.1_0\
CHR - Extension: AdSweep = C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\milkhonmecplandlkfbjplfbde njlkmp\2.1.6\

O1 HOSTS File: ([2011/09/26 20:36:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInsta nce.dll (Yahoo! Inc)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Copernic Desktop Search 2) - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\WebBrowser: (Copernic Desktop Search 2) - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll (Copernic Inc.)
O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006..\Run: [WorldClock] C:\Program Files\WimsPrg\WorldClock\wclock30.exe (Wim Heirman)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} http://host.cycore.net/plugins/windo..._5.3.0.228.cab (Cult3D ActiveX Player)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedIn...derControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} HP Product Detection (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1150629329875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeup...tent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get...nt/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://74.15.184.92:1024/NetCamPlayerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/dev...e/AxLoader.cab (RIM AxLoader)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{7F498F5F-EDBE-4EB3-8F8A-FD716D41D6F1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/01 18:30:26 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Remoteaccess - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/26 21:10:47 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pierre and Marielle\Desktop\OTL.exe
[2011/09/26 20:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/26 20:25:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/26 08:08:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/26 08:06:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/26 08:06:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/26 08:06:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/26 08:06:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/26 08:06:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/09/26 08:06:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/26 08:02:09 | 004,228,783 | R--- | C] (Swearware) -- C:\Documents and Settings\Pierre and Marielle\Desktop\ComboFix.exe
[2011/09/25 1652 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/25 1647 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/25 1647 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/25 15:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2008/05/12 08:32:41 | 000,017,376 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\GT680X.SYS
[2007/04/13 10:31:30 | 000,019,904 | ---- | C] (Stirling Technologies Inc.) -- C:\Program Files\_ISREG16.DLL
[2007/04/13 10:31:25 | 000,012,800 | ---- | C] (HyperCALL Systems Ltd) -- C:\Program Files\VFW1.EXE
[2007/04/13 10:31:22 | 000,590,064 | ---- | C] (Charanga Ltd) -- C:\Program Files\GCOACHA1.EXE
[2004/11/24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/26 21:12:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre and Marielle\Desktop\OTL.exe
[2011/09/26 20:48:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/26 20:40:16 | 000,507,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/26 20:40:16 | 000,098,350 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/26 20:36:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/26 20:35:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/26 20:35:57 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/26 20:35:46 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/09/26 20:35:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/26 20:35:20 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/26 08:16:11 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/09/26 08:08:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/09/26 08:02:14 | 004,228,783 | R--- | M] (Swearware) -- C:\Documents and Settings\Pierre and Marielle\Desktop\ComboFix.exe
[2011/09/25 17:00:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Desktop\MBR.dat
[2011/09/25 15:03:50 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/09/25 14:54:41 | 000,001,877 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/26 08:08:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/09/26 08:08:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/26 08:06:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/26 08:06:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/26 08:06:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/26 08:06:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/26 08:06:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/25 17:00:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Desktop\MBR.dat
[2011/09/25 15:03:50 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/23 19:32:13 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/04/18 20:20:17 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\$_hpcst$.hpc
[2011/03/05 14:14:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2011/03/05 14:14:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2011/03/05 14:14:08 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2011/03/05 13:42:41 | 000,053,975 | ---- | C] () -- C:\WINDOWS\hppins01.dat
[2011/03/05 13:42:41 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat
[2009/11/19 15:54:25 | 000,027,371 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft Excel.ADR
[2009/09/29 21:32:24 | 000,012,994 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Comma Separated Values (Windows).CAL
[2009/09/13 13:05:48 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/08/20 08:33:52 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/12/25 17:14:46 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/12/25 17:14:19 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/12/08 22:28:18 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/30 16:48:51 | 007,155,864 | ---- | C] () -- C:\Program Files\NGhost10.msi
[2008/11/30 16:48:51 | 000,000,035 | ---- | C] () -- C:\Program Files\SCSSDist.ini
[2008/11/30 16:48:42 | 037,766,164 | ---- | C] () -- C:\Program Files\Data1.cab
[2008/09/13 10:31:59 | 000,000,121 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\netstat.bat
[2008/08/22 09:02:06 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\dg152.dll
[2008/05/16 08:43:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/05/16 08:43:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/05/12 08:33:31 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2008/05/12 08:33:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ppnthing.dll
[2008/05/12 08:32:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AutoSet.dll
[2008/04/23 12:18:49 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2008/02/11 11:22:30 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/02/11 11:22:29 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008/02/05 19:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/10/06 16:43:14 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/09/12 10:19:56 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/05/29 12:46:47 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/05/12 1025 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/05/12 10:55:22 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/05/06 18:58:33 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2007/04/13 10:31:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/04/13 10:31:26 | 000,265,702 | ---- | C] () -- C:\Program Files\A1HSTUD.BMP
[2007/04/13 10:31:26 | 000,265,702 | ---- | C] () -- C:\Program Files\A1HPRAC.BMP
[2007/04/13 10:31:26 | 000,000,064 | ---- | C] () -- C:\Program Files\GCOACHA1.LDB
[2007/04/13 10:31:25 | 001,441,792 | ---- | C] () -- C:\Program Files\GCOACHA1.MDB
[2007/04/13 10:31:25 | 000,265,702 | ---- | C] () -- C:\Program Files\A1HREF.BMP
[2007/04/13 10:31:25 | 000,265,702 | ---- | C] () -- C:\Program Files\A1HPRES.BMP
[2007/04/13 10:31:25 | 000,064,846 | ---- | C] () -- C:\Program Files\CHMETRO.MID
[2007/04/13 10:31:25 | 000,000,138 | ---- | C] () -- C:\Program Files\GCOACHA1.INI
[2007/04/13 10:31:20 | 000,004,319 | ---- | C] () -- C:\Program Files\DEISL1.ISU
[2007/03/06 11:50:31 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/02/21 11:45:20 | 000,000,273 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/02/21 11:45:19 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/02/21 11:44:33 | 000,001,025 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/02/08 10:01:44 | 000,000,255 | ---- | C] () -- C:\WINDOWS\GetEmkbm.ini
[2006/10/30 11:30:30 | 000,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
[2006/09/13 00:24:09 | 000,046,345 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/09/09 14:22:32 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/09/06 20:58:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/06 16:01:42 | 000,000,470 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/08/07 13:49:18 | 000,001,022 | ---- | C] () -- C:\WINDOWS\CDMaster.ini
[2006/08/07 13:49:17 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\Nviewlib.dll
[2006/08/07 13:49:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/08/07 13:49:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2006/08/07 13:49:16 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\vcedit.dll
[2006/08/07 13:49:16 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/08/07 12:57:51 | 000,144,384 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/08/02 21:43:30 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2006/08/02 18:24:22 | 000,000,523 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/08/01 19:13:39 | 000,007,100 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/08/01 19:13:39 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D0CD55272A.sys
[2006/04/25 20:16:03 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/08 08:57:28 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\2A2755CDD0.sys
[2006/04/02 14:52:02 | 000,011,418 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Comma Separated Values (DOS).TSK
[2006/04/02 14:51:14 | 000,038,458 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Comma Separated Values (DOS).ADR
[2006/04/02 14:50:22 | 000,012,972 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Comma Separated Values (DOS).CAL
[2006/03/04 13:28:10 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/01 17:27:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/03/01 15:11:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/03/01 15:11:34 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2006/03/01 15:10:30 | 000,007,820 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/03/01 14:36:42 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Pierre and Marielle\Local Settings\Application Data\fusioncache.dat
[2006/02/23 19:47:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/23 19:36:01 | 000,001,253 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/23 19:33:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/23 19:28:56 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/02/23 19:04:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/02/23 19:03:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/02/23 19:03:46 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/02 11:39:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2005/11/02 11:39:16 | 000,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2005/05/04 20:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/21 14:41:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2005/01/20 15:18:56 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2004/11/29 16:43:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/12 07:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 09:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/11 19:24:19 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 19:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 19:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 19:06:43 | 001,663,632 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 19:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/11 19:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/11 19:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/11 19:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/11 19:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/11 19:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 19:00:28 | 000,507,952 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 19:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 19:00:28 | 000,098,350 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 19:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 19:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 19:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 19:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 19:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 19:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 19:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 19:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/14 23:35:29 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\vttdrve.dll
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[1996/08/20 23:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1994/11/18 01:00:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\MSVCRT10.DLL

========== LOP Check ==========

[2008/04/24 14:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2008/11/29 18:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2008/04/05 11:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/11/30 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/04/23 12:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2009/09/13 14:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/06/21 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2011/07/25 21:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/05/17 11:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fund Manager
[2010/02/10 09:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2009/02/19 09:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GrebleSoft
[2011/07/24 10:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/12/01 09:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/03/28 13:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2006/08/02 15:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2007/02/28 17:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OsaSync
[2008/12/09 09:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/02/05 21:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/11/28 18:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/11/28 18:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/08/03 18:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/08/03 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/04/24 14:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Acronis
[2009/10/01 11:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\4Team
[2008/04/24 15:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Acronis
[2008/11/29 18:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Avanquest
[2007/08/20 15:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Blumentals
[2008/05/27 08:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Cloudmark
[2008/12/25 17:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\DataCast
[2009/06/21 14:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\diag
[2011/07/25 21:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\FileOpen
[2011/09/23 22:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Fund Manager
[2011/09/26 10:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\GoodSync
[2009/09/11 15:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\gSyncit
[2011/07/24 10:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\iolo
[2006/07/13 19:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Leadertech
[2007/04/20 10:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\LinkedIn
[2009/04/21 08:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\MailWasherFree
[2006/08/02 15:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\muvee Technologies
[2008/03/20 09:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Netscape
[2009/01/20 21:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\NewzToolz
[2008/08/20 11:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\OfficeUpdate12
[2007/05/17 13:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Opera
[2007/05/02 19:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Photodex
[2010/01/22 12:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Registry Mechanic
[2010/11/25 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\SystemRequirementsLab
[2008/07/03 20:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\TeamViewer
[2010/07/10 12:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Thunderbird
[2009/10/09 15:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\TS_NTD
[2006/08/01 15:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Ulead Systems
[2011/03/25 14:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Uniblue
[2009/02/09 10:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Vocabilis
[2010/12/21 16:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\XMind
[2011/08/04 06:30:09 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\GoodSync - PT email archive backup.job
[2011/08/04 06:00:12 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\GoodSync - PT email backup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/25 09:38:55 | 000,001,024 | ---- | M] () -- C:\.rnd
[2006/08/01 18:30:26 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/05/12 08:23:10 | 000,020,520 | ---- | M] () -- C:\bar.emf
[2011/07/17 20:49:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/26 08:08:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2006/08/07 14:19:08 | 000,000,162 | ---- | M] () -- C:\BURNER2.LOG
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/09/26 20:42:06 | 000,023,030 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/08/07 13:58:52 | 000,073,544 | ---- | M] () -- C:\debug.log
[2006/02/23 19:09:32 | 000,005,260 | RH-- | M] () -- C:\dell.sdr
[2011/09/26 20:35:20 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2006/03/01 17:04:37 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2009/04/23 12:12:16 | 000,000,743 | ---- | M] () -- C:\JavaRa.log
[2004/08/11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/01 15:14:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/09/26 20:35:19 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2007/05/02 19:47:05 | 000,001,435 | ---- | M] () -- C:\photodex-presenter-install.log
[2008/01/19 20:16:08 | 000,001,736 | ---- | M] () -- C:\photodex_dshow.log
[2010/04/08 19:49:42 | 000,004,042 | ---- | M] () -- C:\Rescued document 1.txt
[2007/07/16 08:08:11 | 000,003,616 | ---- | M] () -- C:\Rescued document.txt
[2007/07/04 07:33:38 | 000,035,690 | ---- | M] () -- C:\SBCSTray.log
[2006/10/04 10:07:54 | 000,000,711 | ---- | M] () -- C:\Settings.ini
[2007/08/30 18:10:29 | 002,407,137 | ---- | M] () -- C:\sysinfo.txt
[2011/03/05 13:39:37 | 000,000,743 | ---- | M] () -- C:\updatedatfix.log
[2007/02/15 07:58:12 | 000,000,289 | ---- | M] () -- C:\wpsys.ini
[2008/06/10 13:10:48 | 000,000,152 | ---- | M] () -- C:\YServer.txt
[2006/08/07 13:50:28 | 000,000,013 | RH-- | M] () -- C:\~State.INI

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/11 19:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpi pelineprintproc.dll
[2004/05/13 13:40:56 | 000,051,712 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP034 .DLL
[2008/10/16 20:35:50 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc. dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.d ll
[2008/07/06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfil terpipelinesvc.exe
[2002/05/14 16:50:34 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint 2000.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/07/17 11:30:50 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[1997/05/11 21:18:56 | 000,265,702 | ---- | M] () -- C:\Program Files\A1HPRAC.BMP
[1997/02/25 10:30:36 | 000,265,702 | ---- | M] () -- C:\Program Files\A1HPRES.BMP
[1997/02/25 12:09:10 | 000,265,702 | ---- | M] () -- C:\Program Files\A1HREF.BMP
[1997/02/25 10:30:56 | 000,265,702 | ---- | M] () -- C:\Program Files\A1HSTUD.BMP
[1997/05/07 17:13:38 | 000,064,846 | ---- | M] () -- C:\Program Files\CHMETRO.MID
[2005/09/09 20:55:52 | 037,766,164 | ---- | M] () -- C:\Program Files\Data1.cab
[2007/04/13 10:32:27 | 000,004,319 | ---- | M] () -- C:\Program Files\DEISL1.ISU
[1998/01/12 09:26:40 | 000,590,064 | ---- | M] (Charanga Ltd) -- C:\Program Files\GCOACHA1.EXE
[2007/04/13 10:31:36 | 000,000,138 | ---- | M] () -- C:\Program Files\GCOACHA1.INI
[2008/12/28 1915 | 000,000,064 | ---- | M] () -- C:\Program Files\GCOACHA1.LDB
[1997/10/27 13:32:56 | 001,441,792 | ---- | M] () -- C:\Program Files\GCOACHA1.MDB
[2005/09/09 20:55:53 | 007,155,864 | ---- | M] () -- C:\Program Files\NGhost10.msi
[1999/02/22 11:22:32 | 000,004,313 | ---- | M] () -- C:\Program Files\README.TXT
[2005/09/09 20:55:53 | 000,000,035 | ---- | M] () -- C:\Program Files\SCSSDist.ini
[2004/08/09 23:30:22 | 000,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe
[1997/05/29 10:41:06 | 000,012,800 | ---- | M] (HyperCALL Systems Ltd) -- C:\Program Files\VFW1.EXE
[1998/10/01 15:20:58 | 000,019,904 | ---- | M] (Stirling Technologies Inc.) -- C:\Program Files\_ISREG16.DLL

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/01 15:23:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/03/01 14:37:16 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/11 19:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/09/26 08:02:14 | 004,228,783 | R--- | M] (Swearware) -- C:\Documents and Settings\Pierre and Marielle\Desktop\ComboFix.exe
[2011/09/26 21:12:59 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre and Marielle\Desktop\OTL.exe
[2009/10/17 09:50:09 | 036,028,096 | ---- | M] (Raxco Software, Inc. ) -- C:\Documents and Settings\Pierre and Marielle\Desktop\PerfectSpeed.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/03/01 14:37:14 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Pierre and Marielle\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/04/29 18:23:24 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Pierre and Marielle\Cookies\desktop.ini
[2011/09/26 21:10:36 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Pierre and Marielle\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 02:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 03:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 03:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 16:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 19:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 02:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 03:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 03:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 03:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 03:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 03:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[2002/07/17 16:22:34 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP1B5B4F1
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9497E060
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5694BFB
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CE269

< End of report >

All I can do here is to check if your computer is clean.
I have no idea what is proper number of packets sent, or received.
How do you check it/

You have some Norton's leftovers.
Please run this tool to remove them: https://www-secure.symantec.com/nort...edirect_pubweb

================================================== ================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  :OTL
  IE - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = <local>
  FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
  FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
  FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
  O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
  O3 - HKU\S-1-5-21-3163709025-299304780-3033990286-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
  O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
  O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
  O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
  O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
  [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  [2008/04/05 11:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
  [2008/11/28 18:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
  [2010/01/22 12:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Registry Mechanic
  [2011/03/25 14:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre and Marielle\Application Data\Uniblue
  @Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
  @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9497E060
  @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5694BFB
  @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:890CE269
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

I have run this a few times and, each time, it seems to freeze: the OTL window becomes white (ie no text) and then nothing happens. This also happened last night on a run I did overnight. Any suggestions?