XP PC with problems
You helped once before and were very helpful - but I have problems again and would appreciate some more help.
My pc has been acting oddly for a while
Slow going
Slow start up
failing to shut down
freezing
mouse freeze
Scary 4 tone tones (high, low, low, high) Several times with no apparent reason.
The requested logs follow. GMER won't complete even in safe mode.
Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: v2012.01.31.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
David_p :: DAVID [administrator]
31/01/2012 17:19:40
mbam-log-2012-01-31 (17-19-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266196
Time elapsed: 28 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
------------------------------------------------------------
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-01 17:01:17
-----------------------------
17:01:17.953 OS Version: Windows 5.1.2600 Service Pack 3
17:01:17.953 Number of processors: 2 586 0x2B01
17:01:17.953 ComputerName: DAVID UserName:
17:01:26.002 Initialize success
17:01:56.008 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\m52871Port2Path0Target0Lun0
17:01:56.008 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 1
17:01:56.008 Device \Driver\m5287 -> DriverStartIo SCSIPORT.SYS f72d040e
17:01:56.024 Disk 0 MBR read successfully
17:01:56.024 Disk 0 MBR scan
17:01:56.024 Disk 0 unknown MBR code
17:01:56.040 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 234676 MB offset 63
17:01:56.055 Disk 0 Partition 2 00 12 Compaq diag RECOVERY 3796 MB offset 480616605
17:01:56.055 Disk 0 scanning sectors +488392065
17:01:56.133 Disk 0 scanning C:\WINDOWS\system32\drivers
17:02:57.303 Service scanning
17:03:02.538 Modules scanning
17:03:18.057 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
17:03:51.096 Disk 0 trace - called modules:
17:03:51.112 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll m5287.sys
17:03:51.127 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87177140]
17:03:51.127 3 CLASSPNP.SYS[f74dcfd7] -> nt!IofCallDriver -> \Device\Scsi\m52871Port2Path0Target0Lun0[0x87183a38]
17:03:51.127 Scan finished successfully
17:05:49.934 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David_p\Desktop\logs\MBR.dat"
17:05:49.950 The log file has been saved successfully to "C:\Documents and Settings\David_p\Desktop\logs\aswMBR log.txt"
------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_29
Run by David_p at 20:36:10 on 2012-02-01
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.421 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SHVRTF.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe
C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Protect] SHVRTF.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Memeo Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.laplink.com/scan8/oscan8.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173222094875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1FFF0EAB-4EC6-461B-A442-3C0829481C15} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: WRNotifier - WRLogonNTF.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david_p\application data\mozilla\firefox\profiles\mbudi456.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - component: c:\documents and settings\david_p\application data\mozilla\firefox\profiles\mbudi456.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\david_p\application data\mozilla\firefox\profiles\mbudi456.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\david_p\application data\mozilla\firefox\profiles\mbudi456.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\david_p\application data\mozilla\firefox\profiles\mbudi456.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\david_p\application data\mozilla\firefox\profiles\mbudi456.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko8.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg2012\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [2007-7-1 30808]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2006-1-16 103680]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2006-4-4 14080]
R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [2008-9-5 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [2008-9-5 725248]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-7 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-4 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-4 164112]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-10-11 38504]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [2012-1-9 84471]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-11 54752]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-4 931640]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-10-11 130976]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-10-11 955816]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\buffalo\encrdisk\encrdlg.exe -service_execute --> c:\program files\buffalo\encrdisk\ENCRDLG.exe -Service_Execute [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [2012-1-9 5304]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-7-28 25824]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-10-11 892336]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2009-1-17 8960]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-1-17 17152]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-1-17 14336]
S3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2011-11-4 21520]
S3 SPYPRV;SPYPRV;\??\c:\windows\system32\drivers\spyprv.sys --> c:\windows\system32\drivers\SPYPRV.SYS [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-1 136176]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-01-11 16:49:04 -------- d-sh--w- C:\found.004
2012-01-09 16:07:05 9658 ----a-w- c:\windows\system32\drivers\AliGP.sys
2012-01-09 16:07:05 84471 ----a-w- c:\windows\system32\drivers\AliEhci.sys
2012-01-09 16:07:05 5304 ----a-w- c:\windows\system32\drivers\AliRtHub.sys
2012-01-09 16:07:05 32118 ----a-w- c:\windows\system32\drivers\AliHub.sys
2012-01-09 15:37:32 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-01-09 15:27:37 -------- dc----w- c:\documents and settings\all users\Uniblue
2012-01-09 15:25:41 -------- d-----w- c:\program files\Uniblue
2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-09 15:38:43 103680 ----a-w- c:\windows\system32\drivers\m5287.sys
2012-01-09 15:37:33 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 09:04:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14
44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14
44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 11:55:18 64272 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
============= FINISH: 20:39:36.06 ===============
--------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/03/2006 22:01:07
System Uptime: 01/02/2012 20:17:37 (0 hours ago)
.
Motherboard: eveshamvale | | MS-7194
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | CPU 1 | 2211/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 229 GiB total, 101.432 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\CD070110DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\CD070110DC00
Service: NIC1394
.
==== System Restore Points ===================
.
RP829: 17/11/2011 17:08:29 - System Checkpoint
RP830: 18/11/2011 09:11:52 - System Checkpoint
RP831: 21/11/2011 18:30:55 - System Checkpoint
RP832: 23/11/2011 09:07:07 - System Checkpoint
RP833: 25/11/2011 08:49:37 - System Checkpoint
RP834: 25/11/2011 18
38 - Installed Java(TM) 6 Update 29
RP835: 26/11/2011 19:16:07 - System Checkpoint
RP836: 28/11/2011 14:34:26 - System Checkpoint
RP837: 29/11/2011 14:54:26 - System Checkpoint
RP838: 30/11/2011 15
56 - System Checkpoint
RP839: 01/12/2011 17:29:38 - System Checkpoint
RP840: 02/12/2011 17:53:49 - System Checkpoint
RP841: 04/12/2011 13:08:11 - System Checkpoint
RP842: 04/12/2011 19:49:56 - Software Distribution Service 3.0
RP843: 06/12/2011 19:14:59 - System Checkpoint
RP844: 08/12/2011 14:27:13 - System Checkpoint
RP845: 10/12/2011 10:12:58 - System Checkpoint
RP846: 12/12/2011 10:32:57 - System Checkpoint
RP847: 13/12/2011 12:16:24 - System Checkpoint
RP848: 16/12/2011 10:53:14 - System Checkpoint
RP849: 19/12/2011 11:35:39 - System Checkpoint
RP850: 19/12/2011 15
04 - Software Distribution Service 3.0
RP851: 21/12/2011 13:57:55 - System Checkpoint
RP852: 23/12/2011 11:05:33 - System Checkpoint
RP853: 23/12/2011 12:54:30 - Restore Operation
RP854: 24/12/2011 19:45:17 - System Checkpoint
RP855: 28/12/2011 11:34:26 - System Checkpoint
RP856: 29/12/2011 13:15:58 - System Checkpoint
RP857: 30/12/2011 13:40:57 - System Checkpoint
RP858: 01/01/2012 20:30:35 - System Checkpoint
RP859: 04/01/2012 14:55:50 - System Checkpoint
RP860: 06/01/2012 11:53:47 - System Checkpoint
RP861: 08/01/2012 10:33:31 - System Checkpoint
RP862: 09/01/2012 13:12:07 - System Checkpoint
RP863: 09/01/2012 15:36:16 - DriverScanner - 1/9/2012 3:35:53 PM
RP864: 09/01/2012 15:37:32 - DriverScanner - 1/9/2012 3:37:21 PM
RP865: 09/01/2012 15:38:39 - DriverScanner - 1/9/2012 3:38:23 PM
RP866: 09/01/2012 16:06:56 - DriverScanner - 1/9/2012 4:06:42 PM
RP867: 09/01/2012 16:29:32 - DriverScanner - 1/9/2012 4:26:39 PM
RP868: 09/01/2012 16:32:05 - DriverScanner - 1/9/2012 4:31:53 PM
RP869: 09/01/2012 16:34:03 - DriverScanner - 1/9/2012 4:33:53 PM
RP870: 09/01/2012 16:36:36 - DriverScanner - 1/9/2012 4:36:26 PM
RP871: 09/01/2012 16:40:54 - DriverScanner - 1/9/2012 4:40:44 PM
RP872: 09/01/2012 16:41:29 - DriverScanner - 1/9/2012 4:41:19 PM
RP873: 09/01/2012 16:41:52 - DriverScanner - 1/9/2012 4:41:42 PM
RP874: 11/01/2012 10:42:32 - System Checkpoint
RP875: 11/01/2012 11:08:44 - Update to an unsigned driver
RP876: 11/01/2012 11:12:20 - Unsigned driver install
RP877: 11/01/2012 15:37:13 - Unsigned driver install
RP878: 16/01/2012 10:51:12 - System Checkpoint
RP879: 16/01/2012 12:28:14 - Software Distribution Service 3.0
RP880: 17/01/2012 16:41:12 - System Checkpoint
RP881: 19/01/2012 09:22:10 - System Checkpoint
RP882: 19/01/2012 11:39:25 - Unsigned driver install
RP883: 20/01/2012 13:19:27 - System Checkpoint
RP884: 21/01/2012 19:06:12 - System Checkpoint
RP885: 23/01/2012 11:17:10 - System Checkpoint
RP886: 25/01/2012 12:14:05 - System Checkpoint
RP887: 25/01/2012 13:09:45 - Removed Bonjour
RP888: 25/01/2012 13:43:16 - Software Distribution Service 3.0
RP889: 25/01/2012 17:04:33 - Removed Microsoft Office Live Add-in 1.3
RP890: 26/01/2012 12:07:49 - Restore Operation
RP891: 26/01/2012 13:17:44 - Software Distribution Service 3.0
RP892: 26/01/2012 16:17:09 - Removed Nitro PDF Reader 2
RP893: 27/01/2012 15:30:23 - Restore Operation
RP894: 27/01/2012 15:37:43 - Restore Operation
RP895: 27/01/2012 22:02:25 - Unsigned driver install
RP896: 28/01/2012 19:51:19 - Unsigned driver install
RP897: 30/01/2012 12:24:12 - Software Distribution Service 3.0
RP898: 31/01/2012 10:31:22 - Removed Before You Know It
RP899: 31/01/2012 12:24:21 - Software Distribution Service 3.0
RP900: 31/01/2012 19:55:48 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
ACDSee 3.1 (SR-1)
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Photoshop Elements 2.0
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Apple Application Support
Applet_App
Applet_Copy
Applet_Creativity
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Web
ArcSoft Software Suite
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.3.4
AVG 2012
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BBC iPlayer Desktop
BUFFALO eco Manager for HD
BUFFALO INC. DISK FORMATTER
BUFFALO Secure Lock Ware
BUFFALO TurboUSB for FLASH/HDD
CCleaner
Charting Companion for Family Tree Maker
Click to Call with Skype
Clipart.com Sampler 40,000
CNXT V92 Data Fax Voice
Compatibility Pack for the 2007 Office system
Copy Utility
Critical Update for Windows Media Player 11 (KB959772)
Dan Elwell's Broadband Speed Test
Duplicate Cleaner 1.4.5
DVD Flick
DVD To Audio Converter 1.00
Enable S3 for USB Device
EPSON Smart Panel
ESET Online Scanner v3
Express Burn
Family Tree Maker 2006
FlashLynx Video Download Software
FloorPlan 3D v9
FreshDiagnose
Genie Backup Manager V4.0
getPlus(R)_ocx
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iolo technologies' System Mechanic 6
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 7
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) SE Runtime Environment 6 Update 1
JPEG Lossless Rotator 5.0
Junk Mail filter update
Kubex Software 3D Home Designer
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
LS_HSI
MAGIX audio cleaning lab 2004 deLuxe
MAGIX Media Manager silver
Malwarebytes Anti-Malware version 1.60.1.1000
Memeo Backup
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2000 Standard
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft PowerPoint Viewer 97
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 2000 Setup Launcher
Mozilla Firefox (3.0.6)
Mozilla Thunderbird (2.0.0.19)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MT2OFX V3.5.37
Nero
O&O DiskRecovery
OpenAL
Oxygen AVCHD Player Lite
Paragon Partition Manager 8.0 Personal
Password Depot 3
PHOTOfunSTUDIO HD Edition
PhotoStage Slideshow Producer
Picasa 3
Pinnacle Hollywood FX 4.6
PixiePack Codec Pack
Pixillion Image Converter
PowerDVD
Presto! ImageFolio 4.2
Presto! VideoWorks 5.0
Prism Video Converter
QuarkXPress 5.01
QuickTime
R-Studio 5.2
Rapport
Readiris 7.0
RealPlayer
Realtek High Definition Audio Driver
Recuva
RegUtility version 4.1
Roxio Easy Media Creator 7 Basic DVD Edition
Roxio EasyWrite Reader
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Serif WebPlus 6.0
Skype™ 5.5
Sothink Movie DVD Maker
Spybot - Search & Destroy 2
Studio 8
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
TreeSize Professional 4.0
U3Launcher
ULi Chipset Driver
Uniblue DriverScanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC 9.0 Runtime
Visioneer 4400 Scanner
VLC media player 1.1.11
vShare Plugin
WebEx
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WOT for Internet Explorer
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Spy Blocker
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
31/01/2012 15:44:40, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
31/01/2012 15:43:50, error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/01/2012 15:43:49, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
31/01/2012 15:43:49, error: Service Control Manager [7000] - The MemeoBackgroundService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/01/2012 15:43:44, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the MemeoBackgroundService service to connect.
31/01/2012 10:55:43, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
31/01/2012 10:55:13, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TwonkyMedia service.
30/01/2012 12:23:44, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.
30/01/2012 12:18:33, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
30/01/2012 11:06:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
30/01/2012 10:31:19, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
30/01/2012 10:04:56, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Avgldx86 Avgmfx86 cdudf_xp Fips SDHookDriver
28/01/2012 12:14:05, error: Print [19] - Sharing printer failed + 1722, Printer PDF-XChange 2 DE share name Printer2.
27/01/2012 17:51:55, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/01/2012 17:51:54, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
27/01/2012 17:51:48, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/01/2012 17:51:34, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
26/01/2012 17:43:06, error: Print [19] - Sharing printer failed + 1722, Printer Samsung ML-6060 Series PCL6 share name Printer.
26/01/2012 14:25:58, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 14:25:56, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
26/01/2012 14:25:17, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
26/01/2012 12:16:10, error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error
26/01/2012 12:01:59, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
26/01/2012 12:01:40, error: Service Control Manager [7023] - The Process Monitor service terminated with the following error: The system cannot open the device or file specified.
26/01/2012 12:01:40, error: Service Control Manager [7000] - The Logitech LVPr2Mon Driver service failed to start due to the following error: The parameter is incorrect.
26/01/2012 12:00:43, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer6.
26/01/2012 11:20:21, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
26/01/2012 11:20:19, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
26/01/2012 11:16:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
26/01/2012 11:02:45, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
26/01/2012 10:58:01, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avgldx86 Avgmfx86 Avgtdix cdudf_xp Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SDHookDriver Tcpip Tcpip6 Vsdatant
26/01/2012 10:58:01, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
26/01/2012 10:58:01, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
26/01/2012 10:58:01, error: Service Control Manager [7001] - The Simple TCP/IP Services service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
26/01/2012 10:58:01, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/01/2012 10:58:01, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/01/2012 10:58:01, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/01/2012 10:58:01, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/01/2012 10:58:01, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
26/01/2012 09
36, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TapiSrv service.
26/01/2012 09
36, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
26/01/2012 09
36, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the dmserver service.
26/01/2012 09
36, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 09
36, error: Service Control Manager [7000] - The Telephony service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 09
35, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
26/01/2012 09
34, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
26/01/2012 09
34, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Browser service.
26/01/2012 09
34, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 09
34, error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 09
34, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 09
34, error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 09
34, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 09
33, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the winmgmt service.
26/01/2012 09
33, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 09
32, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
26/01/2012 09
30, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TrkWks service.
26/01/2012 09
30, error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 09:20:23, error: DCOM [10005] - DCOM got error "%231" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
26/01/2012 08:52:37, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
26/01/2012 08:52:07, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
26/01/2012 08:52:07, error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/01/2012 08:50:37, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
25/01/2012 14:14:17, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
25/01/2012 13:59:07, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
25/01/2012 13:43:38, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP (KB2603381).
25/01/2012 13:43:24, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Security Update for Windows XP Media Center Edition 2005 Update Rollup 2 X86 Edition (KB2628259).
25/01/2012 13:43:24, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).
01/02/2012 15:54:16, error: m5287 [9] - The device, \Device\Scsi\m52871, did not respond within the timeout period.
.
==== End Of File ===========================
-
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===============================================================
Download Bootkit Remover to your Desktop.
- Unzip downloaded file to your Desktop.
- Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
- It will show a Black screen with some data on it.
- Right click on the screen and click Select All.
- Press CTRL+C
- Open a Notepad and press CTRL+V
- Post the output back here.
=================================================================
Please download and run ListParts by Farbar (for 32-bit system)
Please download and run ListParts64 by Farbar (for 64-bit system)
Click on Scan button.
Scan result will open in Notepad.
Post it in your next reply.
-
I ran Bootkit Remover and got a message that "ATA pass through direct is not supported by your disk controller...." It then used SCSI pass through controller.
I am having problems getting Internet Explorer to run properly but can use Firefox OK.
I am posting the logs as requested and have not used any 'fix' options in the programs.
I'd be interested to know what virus I have picked up.
Thanks
----------
Bootkit Remover
(c) 2009 Esage Lab
Esage Lab - Digital security research and consulting - Main
Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 2dbd8b88ef675861304c5da9ec4be8e9
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done;
Press any key to quit...
----------------------------------------------
Bootkit Remover
(c) 2009 Esage Lab
Esage Lab - Digital security research and consulting - Main
Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 2dbd8b88ef675861304c5da9ec4be8e9
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code
Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
Done;
Press any key to quit...
-
Sorry Broni I seem to have sent the first log twice. Here is the missing one.
-------------------------------------
ListParts by Farbar
Ran by David_p on 02-02-2012 at 00:35:42
Windows XP (X86)
Running From: C:\Documents and Settings\David_p\Desktop
************************************************************
========================= Memory info ======================
Percentage of memory in use: 28%
Total physical RAM: 1023.36 MB
Available physical RAM: 729.66 MB
Total Pagefile: 2460.73 MB
Available Pagefile: 2344.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 2002.94 MB
======================= Partitions =========================
2 Drive c: () (Fixed) (Total:229.18 GB) (Free:102.37 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: (200_0083V25) (CDROM) (Total:0.58 GB) (Free:0 GB) UDF
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 229 GB 32 KB
Partition 2 OEM 3797 MB 229 GB
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 229 GB Healthy System (partition with boot components)
Disk: 0
Partition 2
Type : 12
Hidden: Yes
Active: No
There is no volume associated with this partition.
****** End Of Log ******
-
The above looks good.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode (How to...)
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
I did all that was asked but have hit a problem.
When I started combo fix it gave me a warning that AVG was still running despite the fact that I removed it with the suggested software and re-booted. I checked on 'add remove programmes' and task manager and could not see it running.
I closed the combo fix window but got a message saying it was going to run - but .....
I've now shut down the pc and am unsure what to do.
Help!
-
Disregard that warning and run Combofix anyway.
-
Thanks
I had a major panic when in the middle of all my problems getting comodo fix to work I started losing my internet connection. After hours of re-trying and checking I had to phone my ISP who revealed they had a problem at their end. Anyway here is the result.
Can I reinstall virus protection now?
ComboFix 12-02-02.01 - David_p 02/02/2012 12:03:49.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.377 [GMT 0:00]
Running from: c:\documents and settings\David_p\Desktop\davidscf.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-01-11 16:49 . 2012-01-23 21:00 -------- d-----w- C:\found.004
2012-01-09 16:07 . 2012-01-09 16:07 9658 ----a-w- c:\windows\system32\drivers\AliGP.sys
2012-01-09 16:07 . 2012-01-09 16:07 84471 ----a-w- c:\windows\system32\drivers\AliEhci.sys
2012-01-09 16:07 . 2012-01-09 16:07 5304 ----a-w- c:\windows\system32\drivers\AliRtHub.sys
2012-01-09 16:07 . 2012-01-09 16:07 32118 ----a-w- c:\windows\system32\drivers\AliHub.sys
2012-01-09 15:37 . 2012-01-09 15:37 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-01-09 15:27 . 2012-01-09 15:27 -------- dc----w- c:\documents and settings\All Users\Uniblue
2012-01-09 15:25 . 2012-01-09 15:25 -------- d-----w- c:\program files\Uniblue
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-09 15:38 . 2006-01-16 19:39 103680 ----a-w- c:\windows\system32\drivers\m5287.sys
2012-01-09 15:37 . 2005-09-30 11:11 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2011-12-10 15:24 . 2011-10-07 17:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 09:04 . 2011-07-27 10:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2006-01-17 01:26 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-01-17 01:26 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-01-17 01:26 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2006-01-17 01:26 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2006-01-17 01:26 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 14864384]
"Protect"="SHVRTF.EXE" [2005-02-04 1011712]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Memeo Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-07-28 136416]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0iolobtdfg c:\windows\system32\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]
2005-06-08 13:31 96256 ----a-w- c:\program files\iolo\System Mechanic 6\Delay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-12-20 07:50 2656528 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"East-Tec Backup 2007"="c:\program files\East-Tec Backup 2007\etBackup.exe" /startup
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ioloDelayModule"=c:\program files\iolo\System Mechanic 6\delay.exe
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [01/07/2007 16:13 30808]
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [16/01/2006 19:39 103680]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [04/04/2006 21:01 14080]
R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [05/09/2008 11:00 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [05/09/2008 11:00 725248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [07/12/2011 18:44 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [04/11/2011 11:55 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [04/11/2011 11:55 164112]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\AliEhci.sys [09/01/2012 16:07 84471]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 14:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 14:44 497280]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [28/07/2010 17:13 25824]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [04/11/2011 11:55 931640]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute --> c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute [?]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/06/2010 14:41 92008]
R3 aliroothub;USB 2.0 Root Hub;c:\windows\system32\drivers\AliRtHub.sys [09/01/2012 16:07 5304]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [17/01/2009 18:51 8960]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [17/01/2009 18:08 17152]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [17/01/2006 01:26 14336]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [04/11/2011 11:58 21520]
S3 SPYPRV;SPYPRV;\??\c:\windows\system32\drivers\SPYPRV.SYS --> c:\windows\system32\drivers\SPYPRV.SYS [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/04/2010 22:52 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-01-09 14:43]
.
2012-01-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-10 09:19]
.
2012-02-01 c:\windows\Tasks\User_Feed_Synchronization-{22CFAAA0-B274-4BA7-A01F-6223A6A1E503}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.laplink.com/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\David_p\Application Data\Mozilla\Firefox\Profiles\mbudi456.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-02 12:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(964)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-02-02 12:30:49
ComboFix-quarantined-files.txt 2012-02-02 12:30
.
Pre-Run: 108,820,852,736 bytes free
Post-Run: 109,164,847,104 bytes free
.
- - End Of File - - E78D103AAD9BC9035916F37533AE19B7
-
Looks good 
How is computer doing?
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
Logs follow.
My system is working faster however I still have a problem with Internet Explorer freezing and I still get the irritating 4 tone or sometimes 2 tone 'ding dong'
Thanks again
--------------------------------------------------------------
OTL logfile created on: 03/02/2012 00:47:01 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\David_p\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.36 Mb Total Physical Memory | 339.62 Mb Available Physical Memory | 33.19% Memory free
2.40 Gb Paging File | 1.73 Gb Available in Paging File | 71.90% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.18 Gb Total Space | 101.51 Gb Free Space | 44.29% Space Free | Partition Type: NTFS
Drive E: | 593.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: DAVID | User Name: David_p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/03 00:44:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\OTL.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/04 11:55:04 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/11/03 14:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 14:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/10/20 14:43:56 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2010/07/28 17:13:38 | 001,479,904 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PRC - [2010/07/28 17:13:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2010/06/24 14:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/01/20 06:03:21 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/05/22 08:27:34 | 000,299,008 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/02/04 10:58:54 | 001,011,712 | ---- | M] () -- C:\WINDOWS\system32\SHVRTF.EXE
========== Modules (No Company Name) ==========
MOD - [2011/11/04 11:58:00 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/03 14:28:56 | 000,225,280 | ---- | M] () -- C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll
MOD - [2011/08/10 19:35:31 | 011,808,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\c72211783476964f96fe1990a13dd6e9\System.Web.ni.dll
MOD - [2011/08/10 19:35:08 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\c60af244ef59104bb8c51ffb99e92a23\System.Configuration.ni.dll
MOD - [2011/08/10 19:35:06 | 001,724,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c219c5f06fd5c64e9cfdc8a43f42049a\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/10 18:52:05 | 006,688,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d8a8d2f3e44c7c40bdf00168a3f39674\System.Data.ni.dll
MOD - [2011/08/10 18:51:57 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\e97e5f6199bdc445bea8a7ee46affdd9\System.Xml.ni.dll
MOD - [2011/08/10 18:51:51 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8990b4cd07a7454580ca86258fe2f232\System.Windows.Forms.ni.dll
MOD - [2011/08/10 18:51:39 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\2156e531818bbf46aaea6e1d92cac1e7\System.Drawing.ni.dll
MOD - [2011/08/10 18:51:10 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ec6fd8cbfad01e47be84b0643aab90af\System.ni.dll
MOD - [2011/08/10 18:50:50 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\13ad55be0d5a484d939a821cd349cdd7\mscorlib.ni.dll
MOD - [2011/08/10 18:50:20 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/08/10 18:50:15 | 002,878,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/08/10 18:50:11 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/08 09:08:57 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_eb0eb637\mscorlib.dll
MOD - [2010/10/08 09:08:52 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_31450f41\system.drawing.dll
MOD - [2010/10/08 09:08:25 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_861bf923\system.xml.dll
MOD - [2010/10/08 09:08:15 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_10a6dda5\system.windows.forms.dll
MOD - [2010/10/08 09:08:00 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3313a408\system.dll
MOD - [2010/10/08 09:07:45 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/10/08 09:07:45 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/07/28 17:13:54 | 002,887,904 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2010/07/28 17:13:50 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2010/04/05 18:52:36 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/01/16 19:12:27 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/01/16 19:12:27 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006/01/16 19:12:26 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/01/16 19:12:26 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/01/16 19:12:25 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/02/04 10:58:54 | 001,011,712 | ---- | M] () -- C:\WINDOWS\system32\SHVRTF.EXE
========== Win32 Services (SafeList) ==========
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/04 11:55:04 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/11/03 14:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/05/25 14:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/07/28 17:13:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/06/24 14:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/05/22 08:27:34 | 000,299,008 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe -- (SecureLockWare_InputPassword)
SRV - [2008/04/14 00:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
========== Driver Services (SafeList) ==========
DRV - [2012/01/09 16:07:05 | 000,084,471 | ---- | M] (ULi Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2012/01/09 16:07:05 | 000,005,304 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2012/01/09 15:38:43 | 000,103,680 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\m5287.sys -- (m5287)
DRV - [2012/01/09 15:37:33 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2011/12/07 18:44:52 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/04 11:58:00 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011/11/04 11:55:18 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/04 11:55:18 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/03 14:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/11 07:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/12/17 06:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 06:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/12/17 06:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 06:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/29 11:39:22 | 000,008,960 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bautopw.sys -- (bautopw)
DRV - [2008/02/12 01:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2007/06/19 11:12:00 | 000,725,248 | ---- | M] (BUFFALO INC.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SLWFIL.SYS -- (SecureLockWare_EncryptFilterDriver2)
DRV - [2007/06/19 11:11:00 | 000,725,120 | ---- | M] (BUFFALO INC.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ENCRFIL.SYS -- (SecureLockWare_EncryptFilterDriver)
DRV - [2006/10/18 02:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 02:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/10/02 09:39:28 | 000,030,808 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore2.sys -- (hotcore2)
DRV - [2006/02/20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/10/18 13:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/01 22:40:43 | 000,014,080 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MRFilter.sys -- (MrFilter)
DRV - [2005/03/01 15:53:42 | 000,291,456 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/01 15:53:12 | 000,024,064 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/01 15:44:04 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/01 15:40:24 | 000,202,368 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/01 15:39:20 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/01 15:27:26 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/05/08 09
44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/12/04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/09/12 15:08:06 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2003/08/13 07:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/05/21 14:35:56 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/21 14:33:30 | 000,196,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/05/21 14:32:32 | 000,631,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/21 14:31:22 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/13 15:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/01/02 18:04:02 | 000,428,431 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2002/01/02 18:03:34 | 000,124,701 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2002/01/02 18:02:46 | 000,212,491 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2002/01/02 18:01:56 | 000,059,663 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2002/01/02 18:01:34 | 000,303,171 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2002/01/02 17:59:16 | 000,084,786 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2002/01/02 17:58:56 | 000,062,422 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2002/01/02 17:58:40 | 000,541,981 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 13:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.evesham.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.evesham.com/
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = BBC - Homepage
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.8.0.8
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/18 12:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/11 16:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/27 16
20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/11 16:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009/02/14 13:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Extensions
[2008/05/22 10:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/02/01 20:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Firefox\Profiles\mbudi456.default\extensions
[2009/12/12 18:14:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Firefox\Profiles\mbudi456.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/13 13:25:21 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Firefox\Profiles\mbudi456.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/10/10 11:34:59 | 000,003,739 | ---- | M] () -- C:\Documents and Settings\David_p\Application Data\Mozilla\Firefox\Profiles\mbudi456.default\searchplugins\avg-secure-search.xml
[2012/02/01 16:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/01 13:37:42 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/11 11:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/25 18:22:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/11 11:17:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = http://www.google.co.uk/search?hl=en&q={searchTerms}&btnG=Google+Search&meta=cr=countryUK|countryGB&rlz=
CHR - default_search_provider: suggest_url =
CHR - Extension: AVG Safe Search = C:\Documents and Settings\David_p\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374\
CHR - Extension: Click to call with Skype = C:\Documents and Settings\David_p\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153\
O1 HOSTS File: ([2012/02/02 12:18:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Protect] C:\WINDOWS\System32\SHVRTF.EXE ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/12/18 11:17:02 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.laplink.com/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exter...pAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1173222094875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadbandassist.com/bbde...ivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FFF0EAB-4EC6-461B-A442-3C0829481C15}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/16 19:06:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/06 15:54:17 | 000,008,471 | R--- | M] () - E:\autorun.apm -- [ UDF ]
O32 - AutoRun File - [2003/11/20 09:01:00 | 000,995,328 | R--- | M] (Indigo Rose Corporation) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005/12/06 15:54:30 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\)
O34 - HKLM BootExecute: (iolobtdfg c:\windows\system32)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.NSVI - C:\WINDOWS\System32\Nsvideo.dll ()
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/02/03 00:44:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\OTL.exe
[2012/02/02 12:58:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/02 11:59:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/02 11:59:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/02 11:59:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/02 11:59:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/02 11:54:51 | 004,395,504 | R--- | C] (Swearware) -- C:\Documents and Settings\David_p\Desktop\davidscf.exe
[2012/02/02 02:18:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 00:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David_p\Desktop\bootkit_remover
[2012/02/01 17:17:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\David_p\Desktop\dds.scr
[2012/02/01 16
31 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\David_p\Desktop\aswMBR.exe
[2012/01/30 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David_p\Desktop\logs
[2012/01/11 16:49:04 | 000,000,000 | ---D | C] -- C:\found.004
[2012/01/09 16:07:05 | 000,084,471 | ---- | C] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliEhci.sys
[2012/01/09 16:07:05 | 000,032,118 | ---- | C] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliHub.sys
[2012/01/09 16:07:05 | 000,009,658 | ---- | C] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliGP.sys
[2012/01/09 16:07:05 | 000,005,304 | ---- | C] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliRtHub.sys
[2012/01/09 15:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2012/01/09 15:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2012/01/09 15:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2007/04/23 18:24:54 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
========== Files - Modified Within 30 Days ==========
[2012/02/03 00:44:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\OTL.exe
[2012/02/03 00:38:04 | 000,441,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/03 00:38:03 | 000,073,136 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/03 00:35:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/03 00:35:13 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2012/02/03 00:34:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 00:34:40 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/02 18:38:34 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{22CFAAA0-B274-4BA7-A01F-6223A6A1E503}.job
[2012/02/02 12:41:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/02/02 12:18:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/02 11:58:09 | 004,395,504 | R--- | M] (Swearware) -- C:\Documents and Settings\David_p\Desktop\davidscf.exe
[2012/02/02 00:35:15 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\ListParts32.exe
[2012/02/02 00:07:29 | 000,800,211 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\ListParts64.exe
[2012/02/02 00:01:05 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\bootkit_remover.zip
[2012/02/01 17:17:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\David_p\Desktop\dds.scr
[2012/02/01 16
52 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\David_p\Desktop\aswMBR.exe
[2012/02/01 10:13:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\33gld95m.exe
[2012/01/31 20:02:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/31 16:01:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 13:03:09 | 000,480,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/30 11:53:38 | 000,001,828 | ---- | M] () -- C:\WINDOWS\SysMech6.INI
[2012/01/25 14:51:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/19 10:31:51 | 000,435,628 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120126-103146.backup
[2012/01/19 09:08:26 | 000,415,916 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/17 11:09:24 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/12 10:32:34 | 000,435,628 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120119-103151.backup
[2012/01/09 16:07:05 | 000,084,471 | ---- | M] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliEhci.sys
[2012/01/09 16:07:05 | 000,032,118 | ---- | M] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliHub.sys
[2012/01/09 16:07:05 | 000,009,658 | ---- | M] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliGP.sys
[2012/01/09 16:07:05 | 000,005,304 | ---- | M] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliRtHub.sys
[2012/01/09 15:38:43 | 000,103,680 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\System32\drivers\m5287.sys
[2012/01/09 15:37:32 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\RtNicProp32.dll
========== Files Created - No Company Name ==========
[2012/02/02 11:59:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/02 11:59:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/02 11:59:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/02 11:59:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/02 11:59:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/02 09:25:10 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/02 00:35:15 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\David_p\Desktop\ListParts32.exe
[2012/02/02 00:07:29 | 000,800,211 | ---- | C] () -- C:\Documents and Settings\David_p\Desktop\ListParts64.exe
[2012/02/02 00:01:03 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\David_p\Desktop\bootkit_remover.zip
[2012/02/01 10:13:30 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\David_p\Desktop\33gld95m.exe
[2012/01/31 16:01:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 15:37:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/01/09 15:27:32 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/11/26 18:43:57 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv5
[2011/09/09 17:29:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/09/09 16:50:48 | 000,001,075 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2011/05/18 13:34:43 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/06 14:33:53 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\memorybar.exe
[2010/07/21 09:14:26 | 000,000,137 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2010/06/30 15:48:14 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010/05/11 22:51:50 | 000,002,555 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2010/05/11 22:51:03 | 000,002,693 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2010/02/11 04:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 04:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/12/21 17:55:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/21 17:18:50 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/25 12:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/24 14:23:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009/10/22 17:01:21 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/10/22 17:01:21 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/10/22 17:01:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/10/22 17:01:21 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/10/22 17:01:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/10/22 17:01:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/10/22 17:01:21 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/10/22 17:01:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/10/22 17:01:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/10/22 17:01:21 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/10/22 17:01:21 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/10/22 17:01:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/10/22 17:01:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/22 17:01:20 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/10/22 17:01:20 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/10/22 17:01:20 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/10/22 17:01:20 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/10/22 17:01:20 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/10/22 17:01:20 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/09/01 10:58:57 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/09/01 10:51:41 | 000,002,345 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2009/09/01 10:41:39 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009/09/01 10:41:39 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2009/09/01 10:41:39 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2009/09/01 10:41:39 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2009/09/01 10:41:39 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2009/02/14 13:39:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/28 00:18:52 | 008,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/10/30 09:47:38 | 000,098,924 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/05 11:00:25 | 000,006,979 | ---- | C] () -- C:\WINDOWS\UN080616.INI
[2008/09/05 11:00:20 | 000,007,925 | ---- | C] () -- C:\WINDOWS\UN020914.INI
[2008/09/05 11:00:08 | 000,012,348 | ---- | C] () -- C:\WINDOWS\UN050225.INI
[2008/09/05 10:59:57 | 000,006,353 | ---- | C] () -- C:\WINDOWS\UN070618.INI
[2008/01/25 12:18:43 | 000,000,699 | ---- | C] () -- C:\WINDOWS\dvdtoaudioconverter.ini
[2008/01/25 12:08:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysDVDtoaudio.dat
[2008/01/25 12:08:30 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2008/01/25 12:08:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2008/01/25 12:08:29 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/01/22 20:13:52 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFreeLite.INI
[2008/01/21 15:23:56 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2007/12/04 09:33:28 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/12/03 09:54:40 | 000,001,828 | ---- | C] () -- C:\WINDOWS\SysMech6.INI
[2007/12/03 00:20:59 | 001,212,416 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/12/03 00:20:59 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2007/12/03 00:20:59 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2007/08/18 19:16:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2007/08/14 19:38:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2007/07/01 16:12:55 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2007/07/01 16:12:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2007/04/23 18:24:53 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\u25dts.dll
[2007/04/06 15:11:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/30 22:31:41 | 000,038,476 | ---- | C] () -- C:\Documents and Settings\David_p\Application Data\Comma Separated Values (DOS).ADR
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/04 16:03:20 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/14 14:45:18 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2006/10/11 09:13:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/09/18 12:28:43 | 000,000,031 | ---- | C] () -- C:\WINDOWS\FP3D.INI
[2006/09/04 11:32:23 | 000,000,025 | ---- | C] () -- C:\WINDOWS\burnit.INI
[2006/08/11 10:16:04 | 000,001,042 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/08/11 10:16:04 | 000,000,020 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/08/11 10:16:01 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2006/08/11 10:16:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2006/08/11 10:16:01 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2006/08/11 10:15:51 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2006/06/19 12:05:38 | 000,000,195 | ---- | C] () -- C:\WINDOWS\Retrieve7.INI
[2006/04/15 19:58:59 | 000,024,962 | ---- | C] () -- C:\Documents and Settings\David_p\Application Data\Comma Separated Values (Windows).ADR
[2006/03/27 23:47:32 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\David_p\Local Settings\Application Data\FASTWiz.html
[2006/03/27 11:46:03 | 000,026,762 | ---- | C] () -- C:\Documents and Settings\David_p\Application Data\Microsoft Access.ADR
[2006/03/22 16:39:05 | 000,008,192 | -HS- | C] () -- C:\WINDOWS\o2cLicStore.bin
[2006/03/22 15:46:19 | 000,000,129 | ---- | C] () -- C:\WINDOWS\PHOTOIMP.INI
[2006/03/21 21:09:48 | 000,000,160 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2006/03/21 21:09:46 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2006/03/21 20:40:43 | 000,000,886 | ---- | C] () -- C:\WINDOWS\EReg.dat
[2006/03/21 13:23:31 | 000,000,146 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/03/21 12:52:04 | 000,003,900 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2006/03/21 12:52:03 | 000,000,271 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2006/03/21 12:51:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/03/21 12:50:36 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2006/03/21 12:41:43 | 000,140,573 | ---- | C] () -- C:\WINDOWS\UNENC97Z.EXE
[2006/03/21 01:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/03/21 01:31:17 | 000,000,444 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2006/03/21 01:28:59 | 000,000,155 | ---- | C] () -- C:\WINDOWS\magix.ini
[2006/03/21 01:28:58 | 000,000,730 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/03/21 01:20:35 | 000,215,040 | ---- | C] () -- C:\Documents and Settings\David_p\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/21 01:00:43 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/03/21 00:49:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/18 11
03 | 000,437,692 | ---- | C] () -- C:\Documents and Settings\David_p\Local Settings\Application Data\imageCache7.db
[2006/03/17 23:02:42 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\David_p\Application Data\wklnhst.dat
[2006/03/17 22:01:21 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\David_p\Local Settings\Application Data\fusioncache.dat
[2006/01/17 01:26:38 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/01/17 01:26:34 | 000,091,440 | ---- | C] () -- C:\WINDOWS\SETUPBTCLICK.EXE
[2006/01/17 01:26:34 | 000,001,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/17 01:26:13 | 000,441,966 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/17 01:26:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/17 01:26:13 | 000,073,136 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/17 01:26:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/17 01:26:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/17 01:26:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/17 01:26:12 | 000,004,674 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/17 01:26:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/17 01:26:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/17 01:26:10 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/17 01:26:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/17 01:26:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/16 21:51:49 | 000,003,313 | ---- | C] () -- C:\WINDOWS\System32\MBR.INI
[2006/01/16 21:32:41 | 001,011,712 | ---- | C] () -- C:\WINDOWS\System32\SHVRTF.EXE
[2006/01/16 21:32:41 | 000,001,009 | ---- | C] () -- C:\WINDOWS\System32\START.INI
[2006/01/16 21:32:41 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\STARTREC.INI
[2006/01/16 21:32:41 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\RECGUARD.INI
[2006/01/16 19:52:44 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/01/16 19:46:31 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/01/16 19:46:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/01/16 19:36:45 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/16 19:08:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/16 19:03:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/16 18:57:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/16 18
51 | 000,480,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/16 14:19:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/04 13:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/03/01 14:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2003/03/19 18:14:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/22 16:54:28 | 000,010,539 | ---- | C] () -- C:\WINDOWS\System32\NICFIND.EXE
[2001/07/25 12:00:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2001/07/25 12:00:10 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL
[2000/04/12 20:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1997/09/30 19:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1997/09/11 23:00:00 | 001,691,408 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/09/11 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/11 23:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/09/11 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== LOP Check ==========
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007/12/01 22:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2010/10/20 11:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/11/13 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/10/20 12:09:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/12/04 09:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/08/02 23:10:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2009/01/21 00:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2012/02/02 01:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/10 22:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/18 13:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/09/09 16
38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/03/12 12:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/06/30 15:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/07/10 22:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/04/17 08:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/07/03 10:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2011/07/22 12:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2012/01/31 13:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TwonkyMedia
[2010/04/01 00:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/03/21 13:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\ACD Systems
[2008/07/03 11:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\ACDInTouch
[2011/03/12 13:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\AceBIT
[2010/04/03 17:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Ashampoo Photo Commander 3
[2011/11/24 17:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Audacity
[2009/06/23 09:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/11/13 13:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\CheckPoint
[2011/07/21 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Downloaded Installations
[2011/09/11 14:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\DriverFinder
[2011/11/03 15:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\ElevatedDiagnostics
[2012/01/23 21:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\FreshDiagnose
[2010/05/26 20:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Genie-Soft
[2006/12/21 13:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Hemera
[2007/05/30 15:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Jasc
[2006/03/21 01:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Leadertech
[2011/08/10 18:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Memeo
[2006/08/10 21:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\MSNInstaller
[2011/11/24 10:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\MT2OFX
[2006/03/21 01:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\MyFamily.com
[2007/03/07 20:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Nikon
[2011/06/26 11:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Nitro PDF
[2009/10/24 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Panasonic
[2006/12/11 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Plant Encyclopedia
[2011/05/18 13:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\PrimoPDF
[2006/03/21 01:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Progeny
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\SampleView
[2006/10/22 10:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Sports Interactive
[2006/03/17 23:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Template
[2009/02/14 13:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Thunderbird
[2007/12/20 17:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\TomTom
[2010/07/07 16:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Toxik Software
[2012/01/09 15:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Uniblue
[2011/01/16 12:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\vShare
[2010/03/30 12:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\webex
[2010/12/18 11:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\William Hill Outlook Addin
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2006/03/25 10:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\BullGuard
[2007/12/14 14:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Grisoft
[2007/05/04 17:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\MyFamily.com
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\SampleView
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sudge\Application Data\SampleView
[2012/02/03 00:35:13 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2012/02/02 18:38:34 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{22CFAAA0-B274-4BA7-A01F-6223A6A1E503}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/07/05 10:32:26 | 000,476,258 | ---- | M] () -- C:\all in temp photo fun studio.csv
[2006/01/16 19:06:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/11/14 17:30:33 | 000,000,359 | RHS- | M] () -- C:\boot.ini
[2006/08/10 13:30:32 | 000,256,512 | ---- | M] () -- C:\CAPT000.avi
[2007/12/16 12:41:46 | 001,244,214 | ---- | M] () -- C:\CAPT000.BMP
[2006/08/16 11
45 | 000,256,512 | ---- | M] () -- C:\CAPT001.avi
[2007/12/16 12:44:36 | 001,244,214 | ---- | M] () -- C:\CAPT001.BMP
[2010/12/15 17:11:41 | 000,010,055 | R--- | M] () -- C:\CLDMA.LOG
[2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/02 12:30:50 | 000,021,907 | ---- | M] () -- C:\ComboFix.txt
[2006/01/16 19:06:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/08 12:15:20 | 000,000,311 | ---- | M] () -- C:\GBI.INI
[2008/07/10 16
27 | 000,000,295 | ---- | M] () -- C:\gsupdate.log
[2012/02/03 00:34:40 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/21 13:37:04 | 000,155,648 | ---- | M] () -- C:\HTGD0007.exe
[2006/01/16 19:06:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/11 11:45:24 | 000,026,197 | ---- | M] () -- C:\JavaRa.log
[2010/05/16 11:45:41 | 000,011,453 | ---- | M] () -- C:\logfile
[2006/01/16 19:06:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/02 08:14:10 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/03 00:34:38 | 1609,601,024 | -HS- | M] () -- C:\pagefile.sys
[2010/04/03 17:07:23 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2008/12/06 20:48:18 | 000,089,580 | -H-- | M] () -- C:\POF$$THM.TOF
[2006/03/14 17:10:31 | 000,001,210 | ---- | M] () -- C:\QClog.txt
[2009/01/15 18
03 | 000,000,180 | ---- | M] () -- C:\Rescued document.txt
[2011/11/02 16:58:31 | 000,000,015 | --S- | M] () -- C:\testlog.log
[2009/10/24 11:53:22 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2006/03/22 15:31:23 | 000,000,080 | RH-- | M] () -- C:\volumeid.zbx
[2007/12/01 00:19:18 | 000,104,549 | ---- | M] () -- C:\wl_hook.log
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/01/16 19:05:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2011/01/25 18:51:28 | 000,001,690 | -H-- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/01/16 18:45:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/01/16 18:45:33 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/01/16 18:45:33 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/02 08:20:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/03/17 22:01:29 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/01/16 19:10:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2012/02/01 10:13:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\33gld95m.exe
[2012/02/01 16
52 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\David_p\Desktop\aswMBR.exe
[2012/02/02 11:58:09 | 004,395,504 | R--- | M] (Swearware) -- C:\Documents and Settings\David_p\Desktop\davidscf.exe
[2012/02/02 00:35:15 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\ListParts32.exe
[2012/02/02 00:07:29 | 000,800,211 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\ListParts64.exe
[2012/02/03 00:44:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\OTL.exe
[2011/10/10 09:34:10 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\SecurityCheck.exe
[2011/10/10 09:40:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\TFC.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2010/12/10 20:14:22 | 019,985,265 | ---- | M] () -- C:\Documents and Settings\David_p\My Documents\vlc-1.1.5-win32.exe
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2006/03/17 22:01:29 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\David_p\Favorites\Desktop.ini
[2009/01/28 14:44:33 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\David_p\Favorites\NCH Audio and Telephony Software.lnk
[2009/01/28 14:44:46 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\David_p\Favorites\NCH Software Download.lnk
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/03 00:50:10 | 000,376,832 | -HS- | M] () -- C:\Documents and Settings\David_p\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
------------------------------------------
OTL logfile created on: 03/02/2012 00:47:01 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\David_p\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.36 Mb Total Physical Memory | 339.62 Mb Available Physical Memory | 33.19% Memory free
2.40 Gb Paging File | 1.73 Gb Available in Paging File | 71.90% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.18 Gb Total Space | 101.51 Gb Free Space | 44.29% Space Free | Partition Type: NTFS
Drive E: | 593.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: DAVID | User Name: David_p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/03 00:44:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\OTL.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/04 11:55:04 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/11/03 14:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 14:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/10/20 14:43:56 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2010/07/28 17:13:38 | 001,479,904 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PRC - [2010/07/28 17:13:36 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2010/06/24 14:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/01/20 06:03:21 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/05/22 08:27:34 | 000,299,008 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/02/04 10:58:54 | 001,011,712 | ---- | M] () -- C:\WINDOWS\system32\SHVRTF.EXE
========== Modules (No Company Name) ==========
MOD - [2011/11/04 11:58:00 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/03 14:28:56 | 000,225,280 | ---- | M] () -- C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll
MOD - [2011/08/10 19:35:31 | 011,808,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\c72211783476964f96fe1990a13dd6e9\System.Web.ni.dll
MOD - [2011/08/10 19:35:08 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\c60af244ef59104bb8c51ffb99e92a23\System.Configuration.ni.dll
MOD - [2011/08/10 19:35:06 | 001,724,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c219c5f06fd5c64e9cfdc8a43f42049a\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/10 18:52:05 | 006,688,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d8a8d2f3e44c7c40bdf00168a3f39674\System.Data.ni.dll
MOD - [2011/08/10 18:51:57 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\e97e5f6199bdc445bea8a7ee46affdd9\System.Xml.ni.dll
MOD - [2011/08/10 18:51:51 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8990b4cd07a7454580ca86258fe2f232\System.Windows.Forms.ni.dll
MOD - [2011/08/10 18:51:39 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\2156e531818bbf46aaea6e1d92cac1e7\System.Drawing.ni.dll
MOD - [2011/08/10 18:51:10 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ec6fd8cbfad01e47be84b0643aab90af\System.ni.dll
MOD - [2011/08/10 18:50:50 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\13ad55be0d5a484d939a821cd349cdd7\mscorlib.ni.dll
MOD - [2011/08/10 18:50:20 | 000,299,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/08/10 18:50:15 | 002,878,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/08/10 18:50:11 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/08 09:08:57 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_eb0eb637\mscorlib.dll
MOD - [2010/10/08 09:08:52 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_31450f41\system.drawing.dll
MOD - [2010/10/08 09:08:25 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_861bf923\system.xml.dll
MOD - [2010/10/08 09:08:15 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_10a6dda5\system.windows.forms.dll
MOD - [2010/10/08 09:08:00 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3313a408\system.dll
MOD - [2010/10/08 09:07:45 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/10/08 09:07:45 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/07/28 17:13:54 | 002,887,904 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2010/07/28 17:13:50 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2010/04/05 18:52:36 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/01/16 19:12:27 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/01/16 19:12:27 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006/01/16 19:12:26 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/01/16 19:12:26 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/01/16 19:12:25 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005/02/04 10:58:54 | 001,011,712 | ---- | M] () -- C:\WINDOWS\system32\SHVRTF.EXE
========== Win32 Services (SafeList) ==========
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/04 11:55:04 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/11/03 14:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/05/25 14:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/07/28 17:13:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/06/24 14:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/05/22 08:27:34 | 000,299,008 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe -- (SecureLockWare_InputPassword)
SRV - [2008/04/14 00:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
========== Driver Services (SafeList) ==========
DRV - [2012/01/09 16:07:05 | 000,084,471 | ---- | M] (ULi Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2012/01/09 16:07:05 | 000,005,304 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2012/01/09 15:38:43 | 000,103,680 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\m5287.sys -- (m5287)
DRV - [2012/01/09 15:37:33 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2011/12/07 18:44:52 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/04 11:58:00 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011/11/04 11:55:18 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/04 11:55:18 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/03 14:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/11 07:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/12/17 06:02:08 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 06:01:44 | 006,364,440 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/12/17 06:01:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 06:00:14 | 000,768,024 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/29 11:39:22 | 000,008,960 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bautopw.sys -- (bautopw)
DRV - [2008/02/12 01:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh)
DRV - [2007/06/19 11:12:00 | 000,725,248 | ---- | M] (BUFFALO INC.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SLWFIL.SYS -- (SecureLockWare_EncryptFilterDriver2)
DRV - [2007/06/19 11:11:00 | 000,725,120 | ---- | M] (BUFFALO INC.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ENCRFIL.SYS -- (SecureLockWare_EncryptFilterDriver)
DRV - [2006/10/18 02:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/18 02:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/10/02 09:39:28 | 000,030,808 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore2.sys -- (hotcore2)
DRV - [2006/02/20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/10/18 13:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/01 22:40:43 | 000,014,080 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MRFilter.sys -- (MrFilter)
DRV - [2005/03/01 15:53:42 | 000,291,456 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/01 15:53:12 | 000,024,064 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/01 15:44:04 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/01 15:40:24 | 000,202,368 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/01 15:39:20 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/01 15:27:26 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/05/08 09
44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/12/04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/09/12 15:08:06 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2003/08/13 07:27:22 | 000,065,280 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/05/21 14:35:56 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/21 14:33:30 | 000,196,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/05/21 14:32:32 | 000,631,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/21 14:31:22 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/13 15:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/01/02 18:04:02 | 000,428,431 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)
DRV - [2002/01/02 18:03:34 | 000,124,701 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)
DRV - [2002/01/02 18:02:46 | 000,212,491 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)
DRV - [2002/01/02 18:01:56 | 000,059,663 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)
DRV - [2002/01/02 18:01:34 | 000,303,171 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)
DRV - [2002/01/02 17:59:16 | 000,084,786 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)
DRV - [2002/01/02 17:58:56 | 000,062,422 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)
DRV - [2002/01/02 17:58:40 | 000,541,981 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 13:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.evesham.com/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.evesham.com/
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = BBC - Homepage
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.8.0.8
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/01/18 12:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/11 16:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/27 16
20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/11 16:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009/02/14 13:39:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Extensions
[2008/05/22 10:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/02/01 20:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Firefox\Profiles\mbudi456.default\extensions
[2009/12/12 18:14:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Firefox\Profiles\mbudi456.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/13 13:25:21 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\David_p\Application Data\Mozilla\Firefox\Profiles\mbudi456.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/10/10 11:34:59 | 000,003,739 | ---- | M] () -- C:\Documents and Settings\David_p\Application Data\Mozilla\Firefox\Profiles\mbudi456.default\searchplugins\avg-secure-search.xml
[2012/02/01 16:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/01 13:37:42 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/11 11:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/25 18:22:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/11 11:17:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = http://www.google.co.uk/search?hl=en&q={searchTerms}&btnG=Google+Search&meta=cr=countryUK|countryGB&rlz=
CHR - default_search_provider: suggest_url =
CHR - Extension: AVG Safe Search = C:\Documents and Settings\David_p\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374\
CHR - Extension: Click to call with Skype = C:\Documents and Settings\David_p\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153\
O1 HOSTS File: ([2012/02/02 12:18:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Protect] C:\WINDOWS\System32\SHVRTF.EXE ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/12/18 11:17:02 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4252005528-1478401231-3267452383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.laplink.com/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exter...pAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1173222094875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Reg Error: Key error.)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadbandassist.com/bbde...ivePreQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FFF0EAB-4EC6-461B-A442-3C0829481C15}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/16 19:06:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/06 15:54:17 | 000,008,471 | R--- | M] () - E:\autorun.apm -- [ UDF ]
O32 - AutoRun File - [2003/11/20 09:01:00 | 000,995,328 | R--- | M] (Indigo Rose Corporation) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005/12/06 15:54:30 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\)
O34 - HKLM BootExecute: (iolobtdfg c:\windows\system32)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.NSVI - C:\WINDOWS\System32\Nsvideo.dll ()
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/02/03 00:44:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\OTL.exe
[2012/02/02 12:58:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/02 11:59:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/02 11:59:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/02 11:59:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/02 11:59:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/02 11:54:51 | 004,395,504 | R--- | C] (Swearware) -- C:\Documents and Settings\David_p\Desktop\davidscf.exe
[2012/02/02 02:18:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 00:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David_p\Desktop\bootkit_remover
[2012/02/01 17:17:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\David_p\Desktop\dds.scr
[2012/02/01 16
31 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\David_p\Desktop\aswMBR.exe
[2012/01/30 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David_p\Desktop\logs
[2012/01/11 16:49:04 | 000,000,000 | ---D | C] -- C:\found.004
[2012/01/09 16:07:05 | 000,084,471 | ---- | C] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliEhci.sys
[2012/01/09 16:07:05 | 000,032,118 | ---- | C] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliHub.sys
[2012/01/09 16:07:05 | 000,009,658 | ---- | C] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliGP.sys
[2012/01/09 16:07:05 | 000,005,304 | ---- | C] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliRtHub.sys
[2012/01/09 15:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2012/01/09 15:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2012/01/09 15:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2007/04/23 18:24:54 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
========== Files - Modified Within 30 Days ==========
[2012/02/03 00:44:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\OTL.exe
[2012/02/03 00:38:04 | 000,441,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/03 00:38:03 | 000,073,136 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/03 00:35:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/03 00:35:13 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2012/02/03 00:34:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 00:34:40 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/02 18:38:34 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{22CFAAA0-B274-4BA7-A01F-6223A6A1E503}.job
[2012/02/02 12:41:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/02/02 12:18:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/02 11:58:09 | 004,395,504 | R--- | M] (Swearware) -- C:\Documents and Settings\David_p\Desktop\davidscf.exe
[2012/02/02 00:35:15 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\ListParts32.exe
[2012/02/02 00:07:29 | 000,800,211 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\ListParts64.exe
[2012/02/02 00:01:05 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\bootkit_remover.zip
[2012/02/01 17:17:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\David_p\Desktop\dds.scr
[2012/02/01 16
52 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\David_p\Desktop\aswMBR.exe
[2012/02/01 10:13:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\33gld95m.exe
[2012/01/31 20:02:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/31 16:01:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 13:03:09 | 000,480,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/30 11:53:38 | 000,001,828 | ---- | M] () -- C:\WINDOWS\SysMech6.INI
[2012/01/25 14:51:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/19 10:31:51 | 000,435,628 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120126-103146.backup
[2012/01/19 09:08:26 | 000,415,916 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/17 11:09:24 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/12 10:32:34 | 000,435,628 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120119-103151.backup
[2012/01/09 16:07:05 | 000,084,471 | ---- | M] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliEhci.sys
[2012/01/09 16:07:05 | 000,032,118 | ---- | M] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliHub.sys
[2012/01/09 16:07:05 | 000,009,658 | ---- | M] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliGP.sys
[2012/01/09 16:07:05 | 000,005,304 | ---- | M] (ULi Corporation) -- C:\WINDOWS\System32\drivers\AliRtHub.sys
[2012/01/09 15:38:43 | 000,103,680 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\System32\drivers\m5287.sys
[2012/01/09 15:37:32 | 000,073,728 | ---- | M] () -- C:\WINDOWS\System32\RtNicProp32.dll
========== Files Created - No Company Name ==========
[2012/02/02 11:59:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/02 11:59:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/02 11:59:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/02 11:59:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/02 11:59:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/02 09:25:10 | 1073,139,712 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/02 00:35:15 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\David_p\Desktop\ListParts32.exe
[2012/02/02 00:07:29 | 000,800,211 | ---- | C] () -- C:\Documents and Settings\David_p\Desktop\ListParts64.exe
[2012/02/02 00:01:03 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\David_p\Desktop\bootkit_remover.zip
[2012/02/01 10:13:30 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\David_p\Desktop\33gld95m.exe
[2012/01/31 16:01:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/09 15:37:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/01/09 15:27:32 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/11/26 18:43:57 | 000,000,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.tv5
[2011/09/09 17:29:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/09/09 16:50:48 | 000,001,075 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2011/05/18 13:34:43 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/09/06 14:33:53 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\memorybar.exe
[2010/07/21 09:14:26 | 000,000,137 | ---- | C] () -- C:\WINDOWS\topocr.INI
[2010/06/30 15:48:14 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010/05/11 22:51:50 | 000,002,555 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2010/05/11 22:51:03 | 000,002,693 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2010/02/11 04:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/02/11 04:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/12/21 17:55:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/21 17:18:50 | 000,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/25 12:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/24 14:23:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009/10/22 17:01:21 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/10/22 17:01:21 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/10/22 17:01:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/10/22 17:01:21 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/10/22 17:01:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/10/22 17:01:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/10/22 17:01:21 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/10/22 17:01:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/10/22 17:01:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/10/22 17:01:21 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/10/22 17:01:21 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/10/22 17:01:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/10/22 17:01:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/22 17:01:20 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/10/22 17:01:20 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/10/22 17:01:20 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/10/22 17:01:20 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/10/22 17:01:20 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/10/22 17:01:20 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/09/01 10:58:57 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/09/01 10:51:41 | 000,002,345 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2009/09/01 10:41:39 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009/09/01 10:41:39 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2009/09/01 10:41:39 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2009/09/01 10:41:39 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2009/09/01 10:41:39 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2009/02/14 13:39:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/01/28 00:18:52 | 008,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/10/30 09:47:38 | 000,098,924 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/09/05 11:00:25 | 000,006,979 | ---- | C] () -- C:\WINDOWS\UN080616.INI
[2008/09/05 11:00:20 | 000,007,925 | ---- | C] () -- C:\WINDOWS\UN020914.INI
[2008/09/05 11:00:08 | 000,012,348 | ---- | C] () -- C:\WINDOWS\UN050225.INI
[2008/09/05 10:59:57 | 000,006,353 | ---- | C] () -- C:\WINDOWS\UN070618.INI
[2008/01/25 12:18:43 | 000,000,699 | ---- | C] () -- C:\WINDOWS\dvdtoaudioconverter.ini
[2008/01/25 12:08:35 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysDVDtoaudio.dat
[2008/01/25 12:08:30 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2008/01/25 12:08:30 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2008/01/25 12:08:29 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/01/22 20:13:52 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFreeLite.INI
[2008/01/21 15:23:56 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2007/12/04 09:33:28 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/12/03 09:54:40 | 000,001,828 | ---- | C] () -- C:\WINDOWS\SysMech6.INI
[2007/12/03 00:20:59 | 001,212,416 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/12/03 00:20:59 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2007/12/03 00:20:59 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2007/08/18 19:16:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2007/08/14 19:38:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2007/07/01 16:12:55 | 004,239,360 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2007/07/01 16:12:55 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2007/04/23 18:24:53 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\u25dts.dll
[2007/04/06 15:11:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/30 22:31:41 | 000,038,476 | ---- | C] () -- C:\Documents and Settings\David_p\Application Data\Comma Separated Values (DOS).ADR
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/04 16:03:20 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/11/14 14:45:18 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2006/10/11 09:13:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/09/18 12:28:43 | 000,000,031 | ---- | C] () -- C:\WINDOWS\FP3D.INI
[2006/09/04 11:32:23 | 000,000,025 | ---- | C] () -- C:\WINDOWS\burnit.INI
[2006/08/11 10:16:04 | 000,001,042 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/08/11 10:16:04 | 000,000,020 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/08/11 10:16:01 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2006/08/11 10:16:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2006/08/11 10:16:01 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2006/08/11 10:15:51 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2006/06/19 12:05:38 | 000,000,195 | ---- | C] () -- C:\WINDOWS\Retrieve7.INI
[2006/04/15 19:58:59 | 000,024,962 | ---- | C] () -- C:\Documents and Settings\David_p\Application Data\Comma Separated Values (Windows).ADR
[2006/03/27 23:47:32 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\David_p\Local Settings\Application Data\FASTWiz.html
[2006/03/27 11:46:03 | 000,026,762 | ---- | C] () -- C:\Documents and Settings\David_p\Application Data\Microsoft Access.ADR
[2006/03/22 16:39:05 | 000,008,192 | -HS- | C] () -- C:\WINDOWS\o2cLicStore.bin
[2006/03/22 15:46:19 | 000,000,129 | ---- | C] () -- C:\WINDOWS\PHOTOIMP.INI
[2006/03/21 21:09:48 | 000,000,160 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2006/03/21 21:09:46 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2006/03/21 20:40:43 | 000,000,886 | ---- | C] () -- C:\WINDOWS\EReg.dat
[2006/03/21 13:23:31 | 000,000,146 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2006/03/21 12:52:04 | 000,003,900 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2006/03/21 12:52:03 | 000,000,271 | ---- | C] () -- C:\WINDOWS\Pexplore.ini
[2006/03/21 12:51:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/03/21 12:50:36 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nsvideo.dll
[2006/03/21 12:41:43 | 000,140,573 | ---- | C] () -- C:\WINDOWS\UNENC97Z.EXE
[2006/03/21 01:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/03/21 01:31:17 | 000,000,444 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2006/03/21 01:28:59 | 000,000,155 | ---- | C] () -- C:\WINDOWS\magix.ini
[2006/03/21 01:28:58 | 000,000,730 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/03/21 01:20:35 | 000,215,040 | ---- | C] () -- C:\Documents and Settings\David_p\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/21 01:00:43 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/03/21 00:49:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/18 11
03 | 000,437,692 | ---- | C] () -- C:\Documents and Settings\David_p\Local Settings\Application Data\imageCache7.db
[2006/03/17 23:02:42 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\David_p\Application Data\wklnhst.dat
[2006/03/17 22:01:21 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\David_p\Local Settings\Application Data\fusioncache.dat
[2006/01/17 01:26:38 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/01/17 01:26:34 | 000,091,440 | ---- | C] () -- C:\WINDOWS\SETUPBTCLICK.EXE
[2006/01/17 01:26:34 | 000,001,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/17 01:26:13 | 000,441,966 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/17 01:26:13 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/17 01:26:13 | 000,073,136 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/17 01:26:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/17 01:26:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/17 01:26:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/17 01:26:12 | 000,004,674 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/17 01:26:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/17 01:26:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/17 01:26:10 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/17 01:26:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/17 01:26:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/01/16 21:51:49 | 000,003,313 | ---- | C] () -- C:\WINDOWS\System32\MBR.INI
[2006/01/16 21:32:41 | 001,011,712 | ---- | C] () -- C:\WINDOWS\System32\SHVRTF.EXE
[2006/01/16 21:32:41 | 000,001,009 | ---- | C] () -- C:\WINDOWS\System32\START.INI
[2006/01/16 21:32:41 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\STARTREC.INI
[2006/01/16 21:32:41 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\RECGUARD.INI
[2006/01/16 19:52:44 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/01/16 19:46:31 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/01/16 19:46:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/01/16 19:36:45 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/16 19:08:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/16 19:03:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/16 18:57:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/16 18
51 | 000,480,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/16 14:19:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/04 13:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/03/01 14:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2003/03/19 18:14:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/01/22 16:54:28 | 000,010,539 | ---- | C] () -- C:\WINDOWS\System32\NICFIND.EXE
[2001/07/25 12:00:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HWINV.DLL
[2001/07/25 12:00:10 | 000,026,572 | ---- | C] () -- C:\WINDOWS\System32\INV16.DLL
[2000/04/12 20:24:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1997/09/30 19:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1997/09/11 23:00:00 | 001,691,408 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/09/11 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/09/11 23:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/09/11 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== LOP Check ==========
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007/12/01 22:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2010/10/20 11:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/11/13 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/10/20 12:09:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/12/04 09:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/08/02 23:10:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2009/01/21 00:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2012/02/02 01:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/10 22:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/18 13:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/09/09 16
38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/03/12 12:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/06/30 15:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/07/10 22:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/04/17 08:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/07/03 10:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2011/07/22 12:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2012/01/31 13:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TwonkyMedia
[2010/04/01 00:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/03/21 13:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\ACD Systems
[2008/07/03 11:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\ACDInTouch
[2011/03/12 13:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\AceBIT
[2010/04/03 17:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Ashampoo Photo Commander 3
[2011/11/24 17:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Audacity
[2009/06/23 09:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/11/13 13:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\CheckPoint
[2011/07/21 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Downloaded Installations
[2011/09/11 14:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\DriverFinder
[2011/11/03 15:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\ElevatedDiagnostics
[2012/01/23 21:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\FreshDiagnose
[2010/05/26 20:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Genie-Soft
[2006/12/21 13:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Hemera
[2007/05/30 15:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Jasc
[2006/03/21 01:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Leadertech
[2011/08/10 18:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Memeo
[2006/08/10 21:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\MSNInstaller
[2011/11/24 10:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\MT2OFX
[2006/03/21 01:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\MyFamily.com
[2007/03/07 20:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Nikon
[2011/06/26 11:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Nitro PDF
[2009/10/24 11:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Panasonic
[2006/12/11 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Plant Encyclopedia
[2011/05/18 13:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\PrimoPDF
[2006/03/21 01:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Progeny
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\SampleView
[2006/10/22 10:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Sports Interactive
[2006/03/17 23:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Template
[2009/02/14 13:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Thunderbird
[2007/12/20 17:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\TomTom
[2010/07/07 16:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Toxik Software
[2012/01/09 15:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\Uniblue
[2011/01/16 12:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\vShare
[2010/03/30 12:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\webex
[2010/12/18 11:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David_p\Application Data\William Hill Outlook Addin
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2006/03/25 10:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\BullGuard
[2007/12/14 14:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Grisoft
[2007/05/04 17:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\MyFamily.com
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\SampleView
[2006/01/16 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sudge\Application Data\SampleView
[2012/02/03 00:35:13 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2012/02/02 18:38:34 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{22CFAAA0-B274-4BA7-A01F-6223A6A1E503}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/07/05 10:32:26 | 000,476,258 | ---- | M] () -- C:\all in temp photo fun studio.csv
[2006/01/16 19:06:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/11/14 17:30:33 | 000,000,359 | RHS- | M] () -- C:\boot.ini
[2006/08/10 13:30:32 | 000,256,512 | ---- | M] () -- C:\CAPT000.avi
[2007/12/16 12:41:46 | 001,244,214 | ---- | M] () -- C:\CAPT000.BMP
[2006/08/16 11
45 | 000,256,512 | ---- | M] () -- C:\CAPT001.avi
[2007/12/16 12:44:36 | 001,244,214 | ---- | M] () -- C:\CAPT001.BMP
[2010/12/15 17:11:41 | 000,010,055 | R--- | M] () -- C:\CLDMA.LOG
[2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/02 12:30:50 | 000,021,907 | ---- | M] () -- C:\ComboFix.txt
[2006/01/16 19:06:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/08 12:15:20 | 000,000,311 | ---- | M] () -- C:\GBI.INI
[2008/07/10 16
27 | 000,000,295 | ---- | M] () -- C:\gsupdate.log
[2012/02/03 00:34:40 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/21 13:37:04 | 000,155,648 | ---- | M] () -- C:\HTGD0007.exe
[2006/01/16 19:06:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/11 11:45:24 | 000,026,197 | ---- | M] () -- C:\JavaRa.log
[2010/05/16 11:45:41 | 000,011,453 | ---- | M] () -- C:\logfile
[2006/01/16 19:06:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/02 08:14:10 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/03 00:34:38 | 1609,601,024 | -HS- | M] () -- C:\pagefile.sys
[2010/04/03 17:07:23 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2008/12/06 20:48:18 | 000,089,580 | -H-- | M] () -- C:\POF$$THM.TOF
[2006/03/14 17:10:31 | 000,001,210 | ---- | M] () -- C:\QClog.txt
[2009/01/15 18
03 | 000,000,180 | ---- | M] () -- C:\Rescued document.txt
[2011/11/02 16:58:31 | 000,000,015 | --S- | M] () -- C:\testlog.log
[2009/10/24 11:53:22 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2006/03/22 15:31:23 | 000,000,080 | RH-- | M] () -- C:\volumeid.zbx
[2007/12/01 00:19:18 | 000,104,549 | ---- | M] () -- C:\wl_hook.log
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/01/16 19:05:36 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2011/01/25 18:51:28 | 000,001,690 | -H-- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/01/16 18:45:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/01/16 18:45:33 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/01/16 18:45:33 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/10/02 08:20:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/03/17 22:01:29 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/01/16 19:10:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\David_p\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2012/02/01 10:13:30 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\33gld95m.exe
[2012/02/01 16
52 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\David_p\Desktop\aswMBR.exe
[2012/02/02 11:58:09 | 004,395,504 | R--- | M] (Swearware) -- C:\Documents and Settings\David_p\Desktop\davidscf.exe
[2012/02/02 00:35:15 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\ListParts32.exe
[2012/02/02 00:07:29 | 000,800,211 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\ListParts64.exe
[2012/02/03 00:44:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\OTL.exe
[2011/10/10 09:34:10 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\David_p\Desktop\SecurityCheck.exe
[2011/10/10 09:40:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David_p\Desktop\TFC.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2010/12/10 20:14:22 | 019,985,265 | ---- | M] () -- C:\Documents and Settings\David_p\My Documents\vlc-1.1.5-win32.exe
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2006/03/17 22:01:29 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\David_p\Favorites\Desktop.ini
[2009/01/28 14:44:33 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\David_p\Favorites\NCH Audio and Telephony Software.lnk
[2009/01/28 14:44:46 | 000,000,524 | ---- | M] () -- C:\Documents and Settings\David_p\Favorites\NCH Software Download.lnk
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/03 00:50:10 | 000,376,832 | -HS- | M] () -- C:\Documents and Settings\David_p\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 14:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >