PDA

View Full Version : Win32.Agent.bb



oholton1
2011-08-07, 04:20
Hi,

Thanks in advance if you can help me out!

I ran SpyBot - Search and Destroy and found 'Win32.Agent.bb' However Spybot couldn't fix the problem, giving the following message -

"Some problems couldn't be fixed; the reason could be that the associate files are still in use (in memory). This could be fixed after a restart. May Spybot run on your next system startup?"

I tried restarting, but having finished the search and spotted Win32.Agent.bb, Spybot again gave the same "in use" message.




.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Oliver at 1:56:51 on 2011-08-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4056.1290 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Windows\system32\taskhost.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\AVG\AVG10\avgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: : {669751ed-d558-49ae-b01a-3b374cc7910e} - C:\PROGRA~1\TENCENT\SSPlus\SSup.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
TB: ncikuToolBar: {77d8dc41-9ce3-42e2-af46-84f9686bfe21} - C:\Program Files (x86)\nciku\Toolbar\ncikuToolbar_0_5_1_74.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [QQ2009] "C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe" /background
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe -update plugin
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [stup.exe] C:\PROGRA~1\TENCENT\SSPlus\Stup.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Oliver\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Oliver\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Oliver\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C052A649-6FEA-4AF3-81E4-DE31A8AD46B5} - hxxp://xmp.down.sandai.net/kankan/xoli.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{49CDBADF-B76C-452D-87BC-CA3B0C9C99E4} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{49CDBADF-B76C-452D-87BC-CA3B0C9C99E4}\35E294E245E20234F6666656560264275656027596D26496 : DhcpNameServer = 102.34.10.1 202.106.195.68
TCP: Interfaces\{49CDBADF-B76C-452D-87BC-CA3B0C9C99E4}\4586560224279646765602341666560233 : DhcpNameServer = 202.106.0.20 202.106.46.151
TCP: Interfaces\{49CDBADF-B76C-452D-87BC-CA3B0C9C99E4}\73027556C646F6E60225F61646 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: : {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\PROGRA~1\TENCENT\SSPlus\SSup.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
TB-X64: ncikuToolBar: {77D8DC41-9CE3-42E2-AF46-84F9686BFE21} - C:\Program Files (x86)\nciku\Toolbar\ncikuToolbar_0_5_1_74.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [stup.exe] C:\PROGRA~1\TENCENT\SSPlus\Stup.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQLive\npQQLive.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQMusic\npQzoneMusic.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\C2MP\npdivx32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-7 269520]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-10-20 341312]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-10-20 67904]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-6-25 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-2 705856]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 NdisrdMP;NdisrdMP;C:\Windows\system32\DRIVERS\ndisrd.sys --> C:\Windows\system32\DRIVERS\ndisrd.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-25 136176]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-25 136176]
S3 Ndisrd;WinpkFilter Service;C:\Windows\system32\DRIVERS\ndisrd.sys --> C:\Windows\system32\DRIVERS\ndisrd.sys [?]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-07-31 03:25:53 -------- d-----w- C:\Users\Oliver\AppData\Local\{EE71AC1A-BDD0-4EC2-991F-9FD5373109FA}
2011-07-27 09:40:47 -------- d-----w- C:\Users\Oliver\AppData\Local\{D2AD43FF-0192-415A-8218-806BAABD5920}
2011-07-23 09:42:28 -------- d-----w- C:\Program Files\iTunes
2011-07-23 09:42:28 -------- d-----w- C:\Program Files\iPod
2011-07-23 09:42:28 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-23 09:39:29 -------- d-----w- C:\Program Files\Bonjour
2011-07-23 09:39:29 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-07-22 22:13:48 -------- d-----w- C:\Users\Oliver\AppData\Local\{82E55148-B67D-40CA-A749-9D5FA6FCD2EF}
2011-07-21 11:47:52 -------- d-----w- C:\Users\Oliver\AppData\Local\{D73B06B2-B783-41C6-98D9-DF7898B470BB}
2011-07-20 13:11:03 -------- d-----w- C:\Users\Oliver\AppData\Local\{01C07453-F97D-4B14-8FC4-15368610547B}
2011-07-19 18:59:40 -------- d-----w- C:\Users\Oliver\AppData\Local\{7D8495DD-2733-44DA-A8FC-1C4489804748}
2011-07-19 08:19:11 -------- d-----w- C:\Users\Oliver\AppData\Local\{EB366AA2-A56C-4D72-BFBB-BCFDF0974D23}
2011-07-19 04:47:19 -------- d-----w- C:\Users\Oliver\AppData\Local\{094D9CEF-8570-4C08-B631-517DD523BEBD}
2011-07-18 16:46:45 -------- d-----w- C:\Users\Oliver\AppData\Local\{0CB9ADD0-8378-434B-8686-AB4275B06B24}
2011-07-16 16:47:04 -------- d-----w- C:\Users\Oliver\AppData\Local\{DC616DB0-E52D-4136-9D0B-6BDC17D23353}
2011-07-13 19:26:13 -------- d-----w- C:\Users\Oliver\AppData\Local\{9C0F7B56-5FD9-4A7D-AD6B-8D97F3A93E86}
2011-07-13 14:29:51 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-13 14:08:49 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-07-12 15:36:16 -------- d-----w- C:\Users\Oliver\AppData\Local\{F32AC0B2-B795-49FD-BE45-28A098DD04A5}
2011-07-12 10:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 10:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 10:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 10:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-11 06:11:03 -------- d-----w- C:\Users\Oliver\AppData\Local\{A9BD83F9-C813-42B7-9F9B-37DE27C2D2C1}
2011-07-10 18:10:19 -------- d-----w- C:\Users\Oliver\AppData\Local\{F940B5AB-53B6-4B70-82A3-615E3FCCB2F1}
.
==================== Find3M ====================
.
2011-07-07 17:25:29 27648 ----a-w- C:\Windows\System32\drivers\Ndisrd.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-26 10:45:12 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-25 12:16:35 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-05-25 12:16:35 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-10 00:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 00:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
.
============= FINISH: 1:59:13.22 ===============


Win32.Agent.bb: [SBI $E6716A09] Program directory (Directory, fixing failed)
C:\Users\Oliver\AppData\Roaming\SogouExplorer\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-06-25 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-06-28 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-08-02 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-08-01 Includes\TrojansC-02.sbi (*)
2011-07-19 Includes\TrojansC-03.sbi (*)
2011-08-02 Includes\TrojansC-04.sbi (*)
2011-08-01 Includes\TrojansC-05.sbi (*)
2011-07-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-23 Plugins\TCPIPAddress.dll



Many thanks!

ken545
2011-08-15, 16:09
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



Do this first...Important

Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect

Please do not proceed until the TeaTimer is disabled






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

oholton1
2011-08-16, 00:35
Thank you for your help! The log is posted below:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7474

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/08/2011 22:32:33
mbam-log-2011-08-15 (22-32-33).txt

Scan type: Quick scan
Objects scanned: 177524
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 12
Registry Data Items Infected: 1
Folders Infected: 35
Files Infected: 311

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0C7C23EF-A848-485B-873C-0ED954731014} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SogouExplorerHTML (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Value: {669751ED-D558-49AE-B01A-3B374CC7910E} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C7C23EF-A848-485B-873C-0ED954731014} (Trojan.Agent) -> Value: {0C7C23EF-A848-485B-873C-0ED954731014} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Value: {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Value: {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Value: {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C7C23EF-A848-485B-873C-0ED954731014} (Trojan.Agent) -> Value: {0C7C23EF-A848-485B-873C-0ED954731014} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Value: {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Value: {A57E074F-56D8-4A33-8112-AAC9693AA909} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A57E074F-56D8-4A33-8112-AAC9693AA909} (Trojan.Agent) -> Value: {A57E074F-56D8-4A33-8112-AAC9693AA909} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{669751ED-D558-49AE-B01A-3B374CC7910E} (Trojan.Agent) -> Value: {669751ED-D558-49AE-B01A-3B374CC7910E} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\stup.exe (Trojan.Agent) -> Value: stup.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files (x86)\sogouexplorer (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\Skin (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Security (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\laan (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\laan\smart (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\laan\smart\tween (Adware.Sogou) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashstamp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\download (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\historytorrent (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\???? (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\???????? (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\?????-mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????-MP4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\???????-mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\???? (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????:?????-mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\???? (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\?? (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\???? (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\adbrule.dat (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\avcodec-52.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\avformat-52.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\avutil-50.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\browser.conf (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\bseapi.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\bsecore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\bseupd.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\changelog.txt (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\cmdlineparser.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\dialog.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\dialogcore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\framework.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\Instlist (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\license (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\metasearch.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\metasearchdic (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\p2pclient.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\seapi.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\searchlist.xml (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\seinstallhelper.exe (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\site.url (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\snapshoter.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\sodalib.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\sogouexplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\sogouipfilter.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\sogouipfilterinst.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\sogounet.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\sogounetopt.sys (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\tridentcore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\uninstall.exe (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\video_acc.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\webkitcore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\webkit_plugins_file.xml (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\xdelta3.exe (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\Skin\????? 2010.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\add1.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\add2.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\baidu.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\baiduc.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\bdsug.js (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\checkbox.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\checkbox1.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\checkbox2.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\close.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\close.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\default.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\default.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\default_page.ico (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\fenge.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\google.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\googlec.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\guding1.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\guding2.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\help.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\ie.css (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\ie.js (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\iframe.html (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\iframe_wk.html (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\index1.html (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\index2.html (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\logo.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\none.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\q1.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\q2.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\rbg.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\rbg0.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\rbg2.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\rbg3.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\reset.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\sb.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\search_logo.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\selmenu.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\set.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\setcancel.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\setok.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\shadow1.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\shadow2.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\sogou.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\sogouc.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\space.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\tran1.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\tran2.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\tran3.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\wk.css (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Local\wk.js (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Security\body_back.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Security\btn1.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Security\btn2.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Security\riskalert.html (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\baidu_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\google_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\index.html (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\pic_daohang.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\pic_kongbai.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\pic_sousuo.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\pic_zuiai.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\pic_zuiai_1.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\pic_zuiai_2.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\sogou_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_body_bg.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_daohang.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_daohang_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_kongbai.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_kongbai_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_light.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_qita.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_queding.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_queding_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_queding_hover.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_sousuo.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_sousuo_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_zidingyi.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_zidingyi_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_zuiai.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_btn_zuiai_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_checkbox_checked.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_checkbox_hover.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_checkbox_normal.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_daohang_logo_bg.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_ico_home.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_stage_arrow_daohang.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_stage_arrow_kongbai.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_stage_arrow_sousuo.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_stage_arrow_zidingyi.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_stage_arrow_zuiai.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_stage_main.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_text_1.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_zidingyi_dizhikuang.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_zidingyi_icon.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\start_zidingyi_text.gif (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\s_baidu_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\s_google_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\startpage\Selector\s_sogou_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\download.swf (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\passport.swf (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\passport_20.swf (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\swichcore.swf (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\tabscroll.swf (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\videoextract.swf (Adware.Sogou) -> Quarantined and deleted successfully.
c:\program files (x86)\sogouexplorer\userinstruct\videoontop.swf (Adware.Sogou) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\cacheflash\blankFs.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\cacheflash\donghuanew_18.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flash\980ef71b_c41b_511c_2591_1c44d72c2cec.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\00c64b27_6cdc_0fc9_521d_eb413810dae0.date1311759727.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\010d78a2_8c74_0bd8_3174_275661b3023a.date1311372977.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\02ee38ff_c003_4481_c897_9e9a246fbbd7.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\031d9b6f_0511_4b82_1580_16099dad5a31.date1310834944.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\038e3428_2643_212c_66d0_5c2c43030fa2.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\0a4a8427_e75e_8381_4a8c_3845aa305eb2.date1309955082.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\0e943007_51ba_83a5_7dfb_5cda72a5ae95.date1312082822.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\0fa1bf32_26b7_3c8e_40a3_fc1044fd65d7.date1312082822.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\1039e1ca_5fe8_801f_d179_c1d2c7b976b7.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\10fcfdcc_2252_665a_c570_3660547ff389.date1310232510.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\11bb431a_508d_e186_d7b1_a05155afd420.date1311372977.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\11fcf020_8c0e_9a25_37c2_99e43c17f525.date1310834944.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\16a6f462_3b71_09dd_201c_8ffb464e47df.date1311046033.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\211daf48_5e31_b893_b7f3_4dcc503e6f25.date1310834944.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\242c134b_ac9c_008c_8655_71888fab4497.date1311007705.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\2513e763_d02b_13e4_ba58_1d1ff57d5e3a.date1312082822.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\25cdea0e_d4f8_5483_170d_8c5ef744d546.date1311372977.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\276ac896_85e9_995e_77d0_18e35e57e59c.date1310321510.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\2ba2e8b3_699d_d277_0691_52a11480d203.date1311759727.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\31180903_0a7f_871e_76fd_571dcb44bebd.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\36526847_5d54_f801_9028_e595aa06e940.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\3c2962b4_4ac2_8249_8d19_64e9129c4d89.date1311759727.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\40c07c90_6186_ac75_4abf_8ce291a20704.date1311167739.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\41034cbd_4a95_c146_827a_863c57caa50c.date1309955082.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\4fb870e3_6a2a_ad04_0e3c_b29ac08d244a.date1311372977.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\5add878d_4f33_1d89_b356_3bca2a1a0eff.date1311167739.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\5f0875ac_463a_dcd4_c54e_d8bd9c112f4a.date1309955082.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\67d272b1_425f_ab27_ddbe_62b3013adb52.date1310834943.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\6891a9de_0f1a_94bd_bd30_72d879a31fad.date1310834943.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\69c3b9e1_1f9d_7df3_aa96_1f17c510b7cf.date1311372977.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\6be40bee_0b56_2638_a08f_f21d73ded0da.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\6cb0abb2_21a4_aff6_e10b_8ca408a58b20.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\72c1a40c_d151_42f6_bfe0_623fcdb41c3e.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\748598e9_4d62_5674_e2b2_7d05765513b0.date1311372977.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\812957e0_16d3_6197_aae8_fe34473a2690.date1310834943.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\8d6b6a43_86f0_b2a5_c9a5_79f8b86baa7d.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\8da403ca_aa87_37f5_a980_16c1067d246a.date1311167739.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\93e37ce2_7c8b_c135_9cf7_40636be13110.date1310834943.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\95b4b11e_eb7f_c994_6080_9a01a13e7290.date1310834943.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\974e2f85_88c2_9ead_a5de_60a9e8482d78.date1310485052.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\9e9fcdf8_7e5d_7f8b_5bbf_1a3806b9a17a.date1310232510.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\a05face8_d674_d434_2d71_fd2d7d3090a5.date1310232510.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\a0a6514e_4eee_091a_e7a1_00d774954ef0.date1310834943.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\a3abab6e_0d14_a1cf_1f10_7e125a5b7e64.date1309955081.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\aa8e2d99_6a08_b066_b6d3_a8b4d6dc2a86.date1309955081.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\ae1f366c_2200_ac92_e641_ab3ec70a949c.date1312082821.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\b4abe339_4184_0e61_8dfb_323fae05cd5f.date1311759727.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\bb4d3c89_ffb6_4fe2_c82f_fa03182d9d90.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\c355c0b8_4929_98d2_4e80_4fc7d20c6503.date1309955081.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\c4aafe4b_3ed9_45b3_486a_31d42b783f73.date1310232510.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\c4cd8101_ebed_9872_9ca1_ae76c4d29ebe.date1311046033.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\c5850add_86be_47d0_1d38_5ef66f8742b0.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\c592247a_8225_eb4a_347f_29b5ad5296bd.date1310321509.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\c8d56e3a_4f2c_a638_ce8c_3cd65653cfb8.date1310321509.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\c960a565_a267_5bb5_b96f_b1e2f333391f.date1311759727.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\d7bf9b4e_05ab_c7dd_7227_7c4247e5a34c.date1310232510.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\db5bf1ea_4aa9_e057_213a_37f65db46a52.date1312082821.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\db6e42f4_c885_a461_06b6_ca7c5ed6d9a7.flv (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\de6670a7_7ae1_9e66_6a90_67a46d19532b.date1311046033.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\e1e11714_f4bf_7642_cb06_6efb34609194.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\e3fc0225_c7aa_0dff_4f0e_1010cf1bff37.date1311007704.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\e674cd9e_b587_752d_8dcc_daa318904465.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\f55cbccc_ead5_c743_dcdd_ddafcee12216.date1309955081.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\f5ff9a31_84e9_f8b5_fb10_8a623b7f4ebb.date1310834942.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\f62a39dc_e7ab_947f_c257_9219cd547d4c.date1311046033.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\f696baae_a2fd_3f3a_9e2c_32361ec4ed12.date1312082821.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\f6ffb6d8_0e0b_77bc_7608_c807df471019.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashNew\fd41c056_3a56_5dcd_2ad1_abfabadbe2ea.date1311759727.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashstamp\08a403bd_1fb2_402d_edfd_c115e7ab9cc4.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashstamp\65605056_73c9_505e_d647_afac0d498a88.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashstamp\7f5c6812_18f9_0429_93a4_d3e7450561ae.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashstamp\a559e26c_11d0_9dc2_3674_3ee96401592a.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashstamp\bae85be3_fda5_723f_4bb9_81736d77e413.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashstamp\bef6fc6f_547e_92ec_5b03_5f3ff763365f.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashstamp\blank.gif (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\cache\flashstamp\d97435b9_2303_a0fc_768a_0387dac9718a.swf (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1305570016_834fd3dade781a8.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1305570118_18277256_1304651458_701.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1305570118_18277256_1304651458_701.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1305641589_23811438_1305255697_545.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1305641589_23811438_1305255697_545.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1306258797_23811438_1305860295_833.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1306258797_23811438_1305860295_833.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1306691509_5881262_1223884325_397.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1306691509_5881262_1223884325_397.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1307829867_6634280_1291001710_159.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1307829867_6634280_1291001710_159.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1307896935_7014043_1219038393_961.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1307896935_7014043_1219038393_961.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1307898082_18277256_1297846635_116.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1307898082_18277256_1297846635_116.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1307992262_6634280_1290995964_939.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1307992262_6634280_1290995964_939.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308162660_5372255_1212119445_618.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308162660_5372255_1212119445_618.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308384520_18524595_1308210064_911.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308384520_18524595_1308210064_911.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308488124_3cdfc16f121e64d.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308488124_7014043_1217301083_832.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308488124_7014043_1217301083_832.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308836175_18277256_1289197707_862.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308836175_18277256_1289197707_862.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308836175_4dd2f67cd566684.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308836591_18277256_1289197704_562.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308836591_18277256_1289197704_562.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308914799_18524595_1289549112_838.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308914799_18524595_1289549112_838.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308916154_18524595_1290148143_885.dat (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\control\1308916154_18524595_1290148143_885.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\download\funshioninstall2.4.1.20.exe (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\install latest funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\start funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????\dongchxijiu.rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????????\???? ????-?11?.rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????????\????? ???-?12?.rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????????\????????-?13?.rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????????\????????-?14?.rmvb.fc! (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\?????-mp4\?????A.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\?????-mp4\?????B.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\?????-mp4\?????C.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????-MP4\????A.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????-MP4\????B.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\???????-mp4\???????A.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\???????-mp4\???????B.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\???????-mp4\???????C.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????\????.rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????:?????-mp4\????:?????a.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????:?????-mp4\????:?????b.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????:?????-mp4\????:?????c.mp4 (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????\????-?430?.rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????\????-?431?.rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????\????-?432?.rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\??\??.rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\media\????\????(1-3?).rmvb (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\04a3a0c1d692461.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\18277256_1290131909_252.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\18277256_1297846635_116.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\18524595_1289549112_838.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\18524595_1290148143_885.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\18524595_1307690157_283.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\18524595_1308210064_911.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\20080446_1307856847_516.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\23811438_1305255697_545.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\4dd2f67cd566684.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\5372255_1212119445_618.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\5881262_1223884325_397.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\6634280_1290995964_939.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\6634280_1291001710_159.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\7014043_1219038393_961.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\Seed\834fd3dade781a8.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\adlinkparamfile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\ad_define.fai.bak (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\flashnew.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\flashparam.txt (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\flashparam.txt.bak (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\localad.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\Pop Game.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\shopping sites.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\stamppolicy.txt (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\Oliver\funshion\update\updatexmlfile.txt (Adware.Funshion) -> Quarantined and deleted successfully.

ken545
2011-08-16, 02:28
:bigthumb:

Make sure you reboot your system and keep Spybot disabled.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

oholton1
2011-08-16, 17:07
OTL logfile created on: 8/16/2011 2:40:50 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Oliver\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 52.76% Memory free
7.92 Gb Paging File | 5.87 Gb Available in Paging File | 74.08% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 195.65 Gb Free Space | 69.04% Space Free | Partition Type: NTFS

Computer Name: OLIVER-PC | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Oliver\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Oliver\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\299d0b38053fd7cbd84bac2178c3703b\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Secunia\PSI\psires.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (NitroDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NdisrdMP) -- C:\Windows\SysNative\drivers\Ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (Ndisrd) -- C:\Windows\SysNative\drivers\Ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: david.lancashire@gmail.com:1.6
FF - prefs.js..extensions.enabledItems: service@popupchinese.com:1.3
FF - prefs.js..extensions.enabledItems: control@freedur.com:2.12.200910211624
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQlive: C:\Program Files (x86)\Tencent\QQLive\npQQLive.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/09 12:37:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/25 13:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/09 16:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/09 16:45:19 | 000,000,000 | ---D | M]

[2010/02/15 15:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Extensions
[2011/07/04 16:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions
[2010/09/12 09:45:20 | 000,000,000 | ---D | M] ("Freedur Firefox Addon") -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions\control@freedur.com
[2010/07/22 02:01:08 | 000,000,000 | ---D | M] (Popup Chinese Dictionary) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions\david.lancashire@gmail.com
[2010/07/22 02:01:08 | 000,000,000 | ---D | M] (Tone and Color - PopupChinese.com) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions\service@popupchinese.com
[2011/08/15 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/28 16:12:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/12 18:30:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/15 07:50:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 00:14:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/15 22:50:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/09 12:37:34 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\OLIVER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZT95E3PG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/25 19:25:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/15 22:46:12 | 000,436,434 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ncikuToolBar) - {77D8DC41-9CE3-42E2-AF46-84F9686BFE21} - C:\Program Files (x86)\nciku\Toolbar\ncikuToolbar_0_5_1_74.dll (NHN Corporation.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
O3 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000..\Run: [QQ2009] C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe (Tencent)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .cdx - C:\Program Files (x86)\Internet Explorer\Plugins\NPCDP32.DLL (CambridgeSoft.Com)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: qq.com ([cache.tv] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivecaption] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivehabit] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivesearch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([video_1] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C052A649-6FEA-4AF3-81E4-DE31A8AD46B5} http://xmp.down.sandai.net/kankan/xoli.cab (xinstallerimpl Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42145a31-c696-11df-982f-00256476a9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{42145a31-c696-11df-982f-00256476a9d5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/16 13:46:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/16 13:46:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/16 13:46:00 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/08/16 13:46:00 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/08/16 13:46:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/16 13:46:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/08/16 13:46:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/16 13:46:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/08/16 13:46:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/08/16 13:46:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/08/16 13:46:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/16 13:45:59 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/08/16 13:45:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/16 13:45:59 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/08/16 13:45:59 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/16 13:45:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/16 13:45:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/08/16 13:45:59 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/08/16 13:45:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/08/16 13:45:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/08/16 13:45:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/08/16 13:45:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/08/16 13:45:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/16 13:45:59 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/16 13:45:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/08/16 13:45:59 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/08/16 13:45:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/08/16 13:45:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/16 13:45:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/16 13:45:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/16 13:45:59 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/08/16 13:45:59 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/08/16 13:45:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/08/16 13:45:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/16 13:45:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/16 13:45:58 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/08/16 13:45:58 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/16 13:45:58 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/16 13:45:58 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/16 13:45:58 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/16 13:45:58 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/08/16 13:45:58 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/08/16 13:45:58 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/08/16 13:45:58 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/16 13:45:58 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/08/16 13:45:58 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/08/16 13:45:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/16 13:45:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/16 13:45:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/16 13:45:58 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/08/16 13:45:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/08/16 13:45:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/08/16 13:45:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/08/16 13:45:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/16 13:45:58 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/16 13:45:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/08/16 13:45:58 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/08/16 13:45:58 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/16 13:45:58 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/08/16 13:45:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/16 13:45:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/08/16 13:45:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/16 13:45:58 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/16 13:45:58 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/08/16 13:45:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/08/16 13:45:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/08/16 13:45:58 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/08/16 13:45:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/08/16 13:45:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/16 13:45:58 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/16 13:45:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/08/16 13:45:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/16 13:11:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/16 13:09:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/16 05:10:38 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\tazti
[2011/08/16 05:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Voice Tech Group, Inc
[2011/08/16 05:09:11 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\tazti
[2011/08/15 23:36:47 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\OneNote Notebooks
[2011/08/15 23:00:24 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{B67B35AE-4DBC-486C-931E-B48A53093F21}
[2011/08/15 23:00:09 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{08AC6082-6BAD-4247-A01B-872D106C0F1D}
[2011/08/15 22:55:30 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/15 22:52:02 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/08/15 22:52:02 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/08/15 22:52:01 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/08/15 22:52:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/08/15 22:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/15 22:50:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/15 22:50:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/15 22:50:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/15 22:41:12 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{602DB32A-2AA2-458D-8B19-3BD5E4491290}
[2011/08/15 22:40:58 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{2A8CA8E2-CFA6-42AE-AD1B-59AEBEA74BEB}
[2011/08/15 22:22:39 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Malwarebytes
[2011/08/15 22:22:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/15 22:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/15 22:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/15 22:22:27 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/15 22:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/15 22:19:54 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{7A26B360-2EED-4419-9786-ED0EBE7D54E6}
[2011/08/15 22:19:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{A5DD7461-6D14-407B-BE08-AA8733CF8C3E}
[2011/08/15 19:06:43 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{BD0484AA-129E-4344-AC41-8667BFEE3FA1}
[2011/08/15 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{26FFCC19-D818-4AEF-9CD1-D2251D91E4A4}
[2011/08/12 12:29:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{E39AA2AB-4A91-4071-BD92-D72EBF3B69EB}
[2011/08/12 03:21:42 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{42D7D62C-C591-4CBE-BA1A-6314E5142E50}
[2011/08/11 03:01:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/08/10 13:23:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 13:23:26 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 13:23:26 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 13:23:25 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 13:23:25 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 13:23:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 13:23:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 13:23:25 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 13:23:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 13:23:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 13:23:19 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 13:23:19 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 13:23:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 13:23:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 13:23:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 13:23:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 13:23:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 13:23:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 13:23:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 13:23:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 13:23:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 13:23:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 13:23:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 13:23:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 13:23:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 13:23:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 13:23:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 13:23:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 13:23:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 13:23:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 13:23:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 13:23:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 13:23:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 13:23:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 13:23:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 13:23:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 13:22:50 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 13:22:49 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 13:22:49 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/09 16:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/09 16:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/07 01:56:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/07 01:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/07 01:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/07/31 04:25:53 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{EE71AC1A-BDD0-4EC2-991F-9FD5373109FA}
[2011/07/28 16:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/27 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{D2AD43FF-0192-415A-8218-806BAABD5920}
[2011/07/23 10:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/23 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/23 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/07/23 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/23 10:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/23 10:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/22 23:13:48 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{82E55148-B67D-40CA-A749-9D5FA6FCD2EF}
[2011/07/21 12:47:52 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{D73B06B2-B783-41C6-98D9-DF7898B470BB}
[2011/07/21 06:33:12 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\DK Education
[2011/07/20 14:11:03 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{01C07453-F97D-4B14-8FC4-15368610547B}
[2011/07/19 19:59:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{7D8495DD-2733-44DA-A8FC-1C4489804748}
[2011/07/19 09:19:11 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{EB366AA2-A56C-4D72-BFBB-BCFDF0974D23}
[2011/07/19 05:47:19 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{094D9CEF-8570-4C08-B631-517DD523BEBD}
[2011/07/18 17:46:45 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{0CB9ADD0-8378-434B-8686-AB4275B06B24}
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Oliver\Desktop\*.tmp files -> C:\Users\Oliver\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/16 14:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325289296-2163161933-1334178457-1000UA.job
[2011/08/16 14:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/16 14:27:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/16 14:27:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/16 14:26:13 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/16 14:26:13 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/16 14:26:13 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/16 14:19:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

oholton1
2011-08-16, 17:07
[2011/08/16 14:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/16 14:18:40 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/16 14:05:44 | 000,001,443 | ---- | M] () -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/16 13:55:48 | 000,440,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/16 13:46:00 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/16 13:46:00 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/16 13:46:00 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/08/16 13:46:00 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/08/16 13:46:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/16 13:46:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/08/16 13:46:00 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/16 13:46:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/08/16 13:46:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/08/16 13:46:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/08/16 13:46:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/16 13:45:59 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/08/16 13:45:59 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/16 13:45:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/08/16 13:45:59 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/16 13:45:59 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/16 13:45:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/08/16 13:45:59 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/08/16 13:45:59 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/08/16 13:45:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/08/16 13:45:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/08/16 13:45:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/08/16 13:45:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/16 13:45:59 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/16 13:45:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/08/16 13:45:59 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/08/16 13:45:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/08/16 13:45:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/16 13:45:59 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/16 13:45:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/16 13:45:59 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/16 13:45:59 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/08/16 13:45:59 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/08/16 13:45:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/08/16 13:45:59 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/16 13:45:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/16 13:45:58 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/08/16 13:45:58 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/16 13:45:58 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/16 13:45:58 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/16 13:45:58 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/16 13:45:58 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/08/16 13:45:58 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/08/16 13:45:58 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/08/16 13:45:58 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/16 13:45:58 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/08/16 13:45:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/08/16 13:45:58 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/16 13:45:58 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/16 13:45:58 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/16 13:45:58 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/08/16 13:45:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/08/16 13:45:58 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/08/16 13:45:58 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/08/16 13:45:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/16 13:45:58 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/16 13:45:58 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/08/16 13:45:58 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/08/16 13:45:58 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/16 13:45:58 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/08/16 13:45:58 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/16 13:45:58 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/08/16 13:45:58 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/16 13:45:58 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/16 13:45:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/08/16 13:45:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/08/16 13:45:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/16 13:45:58 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/08/16 13:45:58 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/08/16 13:45:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/08/16 13:45:58 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/16 13:45:58 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/16 13:45:58 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/08/16 13:45:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/16 13:26:53 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/08/16 13:26:53 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/08/16 13:10:18 | 128,208,339 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/16 05:09:15 | 000,002,617 | ---- | M] () -- C:\Users\Public\Desktop\tazti.lnk
[2011/08/16 00:46:34 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325289296-2163161933-1334178457-1000Core.job
[2011/08/16 00:45:33 | 003,523,109 | ---- | M] () -- C:\Users\Oliver\Desktop\Freelance-Setup.zip
[2011/08/15 23:46:55 | 000,002,619 | ---- | M] () -- C:\Users\Oliver\Desktop\OneNote 2007.lnk
[2011/08/15 23:36:47 | 000,001,312 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/15 23:27:57 | 000,002,645 | ---- | M] () -- C:\Users\Oliver\Desktop\PowerPoint 2007.lnk
[2011/08/15 23:27:11 | 000,002,693 | ---- | M] () -- C:\Users\Oliver\Desktop\Word 2007.lnk
[2011/08/15 23:24:52 | 000,002,488 | ---- | M] () -- C:\Users\Oliver\Desktop\MSN.lnk
[2011/08/15 22:46:12 | 000,436,434 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/15 22:22:31 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/12 03:20:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/09 16:45:09 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/09 12:37:35 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/07 01:55:20 | 000,001,110 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/07 00:49:26 | 000,436,368 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110815-224612.backup
[2011/08/01 12:18:48 | 000,064,289 | ---- | M] () -- C:\Users\Oliver\Desktop\jobseekers app confirmation.pdf
[2011/07/28 16:12:37 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/24 12:49:44 | 000,436,154 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110807-004926.backup
[2011/07/23 10:43:04 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Oliver\Desktop\*.tmp files -> C:\Users\Oliver\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011/08/16 14:05:07 | 000,001,449 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/16 13:45:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/16 13:45:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/16 05:09:15 | 000,002,629 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tazti.lnk
[2011/08/16 05:09:15 | 000,002,617 | ---- | C] () -- C:\Users\Public\Desktop\tazti.lnk
[2011/08/16 02:23:25 | 004,917,604 | ---- | C] () -- C:\Users\Oliver\Desktop\Prudential.WAV
[2011/08/16 02:23:25 | 000,307,457 | ---- | C] () -- C:\Users\Oliver\Desktop\Global Lingo Writer's Guide.pdf
[2011/08/16 02:23:25 | 000,044,651 | ---- | C] () -- C:\Users\Oliver\Desktop\Global Lingo Contract (Subcontractors).pdf
[2011/08/16 00:45:32 | 003,523,109 | ---- | C] () -- C:\Users\Oliver\Desktop\Freelance-Setup.zip
[2011/08/15 23:46:55 | 000,002,619 | ---- | C] () -- C:\Users\Oliver\Desktop\OneNote 2007.lnk
[2011/08/15 23:36:46 | 000,001,312 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/15 23:28:10 | 000,002,655 | ---- | C] () -- C:\Users\Oliver\Desktop\Excel 2007.lnk
[2011/08/15 23:27:57 | 000,002,645 | ---- | C] () -- C:\Users\Oliver\Desktop\PowerPoint 2007.lnk
[2011/08/15 23:27:11 | 000,002,693 | ---- | C] () -- C:\Users\Oliver\Desktop\Word 2007.lnk
[2011/08/15 23:24:52 | 000,002,488 | ---- | C] () -- C:\Users\Oliver\Desktop\MSN.lnk
[2011/08/15 23:24:22 | 000,001,093 | ---- | C] () -- C:\Users\Oliver\Desktop\Secunia PSI.lnk
[2011/08/15 23:18:16 | 000,001,449 | ---- | C] () -- C:\Users\Oliver\Desktop\Internet Explorer.lnk
[2011/08/15 22:22:31 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 16:45:09 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/07 01:55:20 | 000,001,110 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/01 12:18:48 | 000,064,289 | ---- | C] () -- C:\Users\Oliver\Desktop\jobseekers app confirmation.pdf
[2011/07/28 16:12:37 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/23 10:43:04 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/21 01:53:53 | 000,008,192 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/02 18:32:35 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/12/02 18:32:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/12/02 17:56:22 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/05/07 18:14:57 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/02/18 00:25:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/02 12:44:59 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/02 12:44:58 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/02 12:44:58 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/02 12:44:57 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/02 11:28:15 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/10/28 00:22:08 | 004,835,652 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009/10/28 00:16:44 | 001,632,375 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2009/10/28 00:16:12 | 000,611,638 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/10/28 00:10:02 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/10/27 23:46:26 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009/10/27 23:28:08 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/10/17 00:58:06 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009/10/17 00:57:06 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009/10/17 00:04:24 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009/10/17 00:04:08 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009/10/17 00:03:48 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009/10/17 00:03:44 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009/10/17 00:03:40 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009/10/16 21:53:32 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009/10/16 21:53:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/16 20:40:42 | 000,957,047 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009/10/16 20:38:20 | 000,914,464 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/09/16 11:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/08/11 21:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/07/31 02:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

========== LOP Check ==========

[2011/08/15 23:50:42 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Audacity
[2010/12/21 16:14:19 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\AVG10
[2010/04/21 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\BitZipper
[2010/12/12 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Downloaded Installations
[2010/02/19 14:39:42 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Dropbox
[2011/07/28 16:10:35 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\go
[2011/01/29 10:29:27 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\KuGou
[2011/08/15 10:57:45 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Nitro PDF
[2010/03/21 22:05:59 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\OpenOffice.org
[2011/06/14 10:00:01 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\PrimoPDF
[2011/04/12 14:54:12 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\SE_logs
[2010/12/03 11:56:11 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\SGPPLog
[2011/07/24 13:20:18 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\SogouExplorer
[2011/08/16 05:09:14 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\tazti
[2011/03/03 05:08:07 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Tencent
[2011/03/30 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\Oliver\AppData\Roaming\Windows Live Writer
[2011/06/02 15:57:24 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/05/21 09:45:49 | 000,001,097 | ---- | M] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2011/04/14 16:12:09 | 000,025,088 | ---- | M] ()(C:\Users\Oliver\Desktop\?10?-3-???????.doc) -- C:\Users\Oliver\Desktop\第10课-3-听别人把话说完.doc
[2011/04/14 16:12:08 | 000,025,088 | ---- | C] ()(C:\Users\Oliver\Desktop\?10?-3-???????.doc) -- C:\Users\Oliver\Desktop\第10课-3-听别人把话说完.doc
[2011/04/12 14:54:08 | 000,001,097 | ---- | C] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2011/03/03 05:06:55 | 000,001,169 | ---- | M] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2011/03/03 05:06:55 | 000,001,169 | ---- | C] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2011/03/03 05:03:20 | 000,002,217 | ---- | M] ()(C:\Users\Oliver\Desktop\??QQ.lnk) -- C:\Users\Oliver\Desktop\腾讯QQ.lnk
[2011/03/03 05:03:19 | 000,002,239 | ---- | M] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2011/03/03 05:03:19 | 000,002,239 | ---- | C] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2011/03/03 05:03:19 | 000,002,217 | ---- | C] ()(C:\Users\Oliver\Desktop\??QQ.lnk) -- C:\Users\Oliver\Desktop\腾讯QQ.lnk
[2010/03/14 09:12:11 | 000,043,008 | ---- | M] ()(C:\Users\Oliver\Documents\??????????? (corrected).doc) -- C:\Users\Oliver\Documents\主要数学符号的英文读法 (corrected).doc
[2010/03/14 09:12:10 | 000,043,008 | ---- | C] ()(C:\Users\Oliver\Documents\??????????? (corrected).doc) -- C:\Users\Oliver\Documents\主要数学符号的英文读法 (corrected).doc
(C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >

oholton1
2011-08-16, 17:08
OTL Extras logfile created on: 8/16/2011 2:40:50 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Oliver\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 52.76% Memory free
7.92 Gb Paging File | 5.87 Gb Available in Paging File | 74.08% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 195.65 Gb Free Space | 69.04% Space Free | Partition Type: NTFS

Computer Name: OLIVER-PC | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files (x86)\SogouExplorer\SogouExplorer.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files (x86)\SogouExplorer\SogouExplorer.exe" "%1"

[HKEY_USERS\S-1-5-21-1325289296-2163161933-1334178457-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\SogouExplorer\SogouExplorer.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\SogouExplorer\SogouExplorer.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BCC0AD-0699-48B6-9900-3C53BBCD4DAC}" = AVG 2011
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{213AC470-5576-495F-B6AB-705EF12C826E}" = tazti 2.0.2
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{71F2CF3C-07C9-4FB9-8B22-8BC411C2E3EE}" = AVG 2011
"{76BC351C-05F9-4E5B-B376-3038BCF864D0}" = Nitro PDF Professional
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2011
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AB19E08-582F-4996-BB5D-7287222D25ED}" = CTeX 2.04.006
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BE16CD3F-FE02-42CD-8F0B-00FB1214AA89}" = ChemOffice Ultra 7.0
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1F055FD4-E580-4746-A561-78502790D666" = Freedur
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Aplus Video Joiner_is1" = Aplus Video Joiner 3.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BitZipper_is1" = BitZipper 2010
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist 8.0.0.514
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.0
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"nciku Toolbar with Tooltip Dictionary" = nciku Toolbar with Tooltip Dictionary
"Plants Vs Zombies" = Ö²Îï´óÕ½½©Ê¬ ºº»¯µÚÈý°æ
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"qqlive" = QQLive
"QQMusic" = QQ音乐2010
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI
"Sogou Input" = 搜狗拼音输入法 5.2正式版
"Tencent Browser Helper" = SOSO AddressBar Search
"TUGZip_is1" = TUGZip 3.5
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1325289296-2163161933-1334178457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2011 4:09:42 PM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/14/2011 5:05:03 PM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/14/2011 6:14:59 PM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/14/2011 7:01:55 PM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/14/2011 8:12:02 PM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/14/2011 9:06:43 PM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/14/2011 10:11:03 PM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/14/2011 11:04:43 PM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2011 4:58:29 AM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/15/2011 5:08:57 AM | Computer Name = Oliver-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Dell Events ]
Error - 6/22/2011 3:17:38 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/23/2011 12:14:07 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/23/2011 12:14:07 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/24/2011 4:02:13 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/24/2011 4:02:13 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/25/2011 3:57:34 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/25/2011 3:57:34 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/25/2011 5:21:47 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/25/2011 5:21:47 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/11/2011 10:31:36 AM | Computer Name = Oliver-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 12/21/2010 3:13:00 PM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/29/2010 4:05:19 PM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/17/2011 11:48:32 AM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/21/2011 10:06:23 PM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/26/2011 7:05:59 PM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/3/2011 7:26:33 AM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2011 12:45:06 AM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/10/2011 8:14:28 AM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/10/2011 8:21:13 AM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/21/2011 3:36:44 AM | Computer Name = Oliver-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/17/2011 10:41:43 AM | Computer Name = Oliver-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{49CDBADF-B76C-452D-87BC-CA3B0C9C99E4}
because another computer on the network has the same name. The server could not
start.

Error - 1/28/2011 4:59:32 AM | Computer Name = Oliver-PC | Source = DCOM | ID = 10010
Description =

Error - 1/28/2011 6:19:12 AM | Computer Name = Oliver-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/28/2011 6:19:33 AM | Computer Name = Oliver-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/28/2011 6:20:33 AM | Computer Name = Oliver-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 1/28/2011 8:17:00 AM | Computer Name = Oliver-PC | Source = DCOM | ID = 10010
Description =

Error - 2/2/2011 6:24:09 AM | Computer Name = Oliver-PC | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2/5/2011 6:11:03 AM | Computer Name = Oliver-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 2/8/2011 11:01:28 PM | Computer Name = Oliver-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 2/8/2011 11:01:28 PM | Computer Name = Oliver-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053


< End of report >

ken545
2011-08-16, 19:13
Hi,

Lets do this

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL

:Services

:Reg

:Files
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )





Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

oholton1
2011-08-18, 00:39
Hi, thanks for your help so far. Is it still infected?

I first ran OTL.exe as asked:


All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Oliver\Downloads\cmd.bat deleted successfully.
C:\Users\Oliver\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Oliver
->Temp folder emptied: 81121353 bytes
->Temporary Internet Files folder emptied: 486567084 bytes
->Java cache emptied: 22796090 bytes
->FireFox cache emptied: 53752690 bytes
->Flash cache emptied: 151144 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11955539 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 4373155 bytes

Total Files Cleaned = 630.00 mb


OTL by OldTimer - Version 3.2.26.4 log created on 08172011_183831

Files\Folders moved on Reboot...
C:\Users\Oliver\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



Then ran ESET:

oholton1
2011-08-18, 00:44
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Then OTL scan:

OTL logfile created on: 8/17/2011 10:37:34 PM - Run 2
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Oliver\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 37.48% Memory free
7.92 Gb Paging File | 5.26 Gb Available in Paging File | 66.46% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 191.52 Gb Free Space | 67.58% Space Free | Partition Type: NTFS

Computer Name: OLIVER-PC | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Oliver\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Program Files (x86)\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe (Tencent)
PRC - C:\Program Files (x86)\Tencent\QQ\Bin\TXPlatform.exe (Tencent)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Tencent\QQ\Bin\zlib.dll ()
MOD - C:\Program Files (x86)\Tencent\QQ\Bin\libpng.dll ()
MOD - C:\Program Files (x86)\Tencent\QQ\Bin\libexpat.dll ()
MOD - C:\Program Files (x86)\Tencent\QQ\Bin\libjpeg6.dll ()
MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ()


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (NitroDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NdisrdMP) -- C:\Windows\SysNative\drivers\Ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (Ndisrd) -- C:\Windows\SysNative\drivers\Ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: david.lancashire@gmail.com:1.6
FF - prefs.js..extensions.enabledItems: service@popupchinese.com:1.3
FF - prefs.js..extensions.enabledItems: control@freedur.com:2.12.200910211624
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQlive: C:\Program Files (x86)\Tencent\QQLive\npQQLive.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/09 12:37:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/25 13:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/09 16:45:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/09 16:45:19 | 000,000,000 | ---D | M]

[2010/02/15 15:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Extensions
[2011/07/04 16:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions
[2010/09/12 09:45:20 | 000,000,000 | ---D | M] ("Freedur Firefox Addon") -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions\control@freedur.com
[2010/07/22 02:01:08 | 000,000,000 | ---D | M] (Popup Chinese Dictionary) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions\david.lancashire@gmail.com
[2010/07/22 02:01:08 | 000,000,000 | ---D | M] (Tone and Color - PopupChinese.com) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions\service@popupchinese.com
[2011/08/15 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/28 16:12:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/12 18:30:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/15 07:50:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 00:14:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/15 22:50:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/09 12:37:34 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\OLIVER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZT95E3PG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/25 19:25:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/17 18:38:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ncikuToolBar) - {77D8DC41-9CE3-42E2-AF46-84F9686BFE21} - C:\Program Files (x86)\nciku\Toolbar\ncikuToolbar_0_5_1_74.dll (NHN Corporation.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
O3 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000..\Run: [QQ2009] C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe (Tencent)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .cdx - C:\Program Files (x86)\Internet Explorer\Plugins\NPCDP32.DLL (CambridgeSoft.Com)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: qq.com ([cache.tv] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivecaption] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivehabit] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivesearch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([video_1] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C052A649-6FEA-4AF3-81E4-DE31A8AD46B5} http://xmp.down.sandai.net/kankan/xoli.cab (xinstallerimpl Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42145a31-c696-11df-982f-00256476a9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{42145a31-c696-11df-982f-00256476a9d5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/17 19:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/08/17 18:38:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/16 17:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/08/16 17:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs
[2011/08/16 17:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/08/16 17:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2011/08/16 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\NCH Software
[2011/08/16 13:46:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/16 13:46:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/16 13:46:00 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/08/16 13:46:00 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/08/16 13:46:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/16 13:46:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/08/16 13:46:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/16 13:46:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/08/16 13:46:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/08/16 13:46:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/08/16 13:46:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/16 13:45:59 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/08/16 13:45:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/16 13:45:59 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/08/16 13:45:59 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/16 13:45:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/16 13:45:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/08/16 13:45:59 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/08/16 13:45:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/08/16 13:45:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/08/16 13:45:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/08/16 13:45:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/08/16 13:45:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/16 13:45:59 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/16 13:45:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/08/16 13:45:59 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/08/16 13:45:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/08/16 13:45:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/16 13:45:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/16 13:45:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/16 13:45:59 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/08/16 13:45:59 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/08/16 13:45:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/08/16 13:45:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/16 13:45:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/16 13:45:58 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/08/16 13:45:58 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/16 13:45:58 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/16 13:45:58 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/16 13:45:58 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/16 13:45:58 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/08/16 13:45:58 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/08/16 13:45:58 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/08/16 13:45:58 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/16 13:45:58 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/08/16 13:45:58 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/08/16 13:45:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/16 13:45:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/16 13:45:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/16 13:45:58 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/08/16 13:45:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/08/16 13:45:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/08/16 13:45:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/08/16 13:45:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/16 13:45:58 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/16 13:45:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/08/16 13:45:58 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/08/16 13:45:58 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/16 13:45:58 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/08/16 13:45:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/16 13:45:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/08/16 13:45:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/16 13:45:58 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/16 13:45:58 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/08/16 13:45:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/08/16 13:45:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/08/16 13:45:58 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/08/16 13:45:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/08/16 13:45:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/16 13:45:58 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/16 13:45:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/08/16 13:45:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/16 13:11:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/16 13:09:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/16 05:10:38 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\tazti
[2011/08/16 05:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Voice Tech Group, Inc
[2011/08/16 05:09:11 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\tazti
[2011/08/15 23:36:47 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\OneNote Notebooks
[2011/08/15 23:00:24 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{B67B35AE-4DBC-486C-931E-B48A53093F21}
[2011/08/15 23:00:09 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{08AC6082-6BAD-4247-A01B-872D106C0F1D}
[2011/08/15 22:55:30 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/15 22:52:02 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/08/15 22:52:02 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/08/15 22:52:01 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/08/15 22:52:01 | 000,453,456 | ---- | C] (Microsoft Corporation) --

oholton1
2011-08-18, 00:45
C:\Windows\SysWow64\d3dx10_42.dll
[2011/08/15 22:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/15 22:50:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/15 22:50:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/15 22:50:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/15 22:41:12 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{602DB32A-2AA2-458D-8B19-3BD5E4491290}
[2011/08/15 22:40:58 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{2A8CA8E2-CFA6-42AE-AD1B-59AEBEA74BEB}
[2011/08/15 22:22:39 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Malwarebytes
[2011/08/15 22:22:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/15 22:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/15 22:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/15 22:22:27 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/15 22:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/15 22:19:54 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{7A26B360-2EED-4419-9786-ED0EBE7D54E6}
[2011/08/15 22:19:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{A5DD7461-6D14-407B-BE08-AA8733CF8C3E}
[2011/08/15 19:06:43 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{BD0484AA-129E-4344-AC41-8667BFEE3FA1}
[2011/08/15 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{26FFCC19-D818-4AEF-9CD1-D2251D91E4A4}
[2011/08/12 12:29:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{E39AA2AB-4A91-4071-BD92-D72EBF3B69EB}
[2011/08/12 03:21:42 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{42D7D62C-C591-4CBE-BA1A-6314E5142E50}
[2011/08/11 03:01:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/08/10 13:23:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 13:23:26 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 13:23:26 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 13:23:25 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 13:23:25 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 13:23:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 13:23:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 13:23:25 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 13:23:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 13:23:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 13:23:19 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 13:23:19 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 13:23:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 13:23:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 13:23:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 13:23:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 13:23:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 13:23:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 13:23:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 13:23:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 13:23:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 13:23:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 13:23:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 13:23:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 13:23:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 13:23:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 13:23:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 13:23:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 13:23:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 13:23:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 13:23:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 13:23:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 13:23:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 13:23:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 13:23:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 13:23:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 13:22:50 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 13:22:49 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 13:22:49 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/09 16:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/09 16:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/07 01:56:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/07 01:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/07 01:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/07/31 04:25:53 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{EE71AC1A-BDD0-4EC2-991F-9FD5373109FA}
[2011/07/28 16:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/27 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{D2AD43FF-0192-415A-8218-806BAABD5920}
[2011/07/23 10:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/23 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/23 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/07/23 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/23 10:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/23 10:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/22 23:13:48 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{82E55148-B67D-40CA-A749-9D5FA6FCD2EF}
[2011/07/21 12:47:52 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{D73B06B2-B783-41C6-98D9-DF7898B470BB}
[2011/07/21 06:33:12 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\DK Education
[2011/07/20 14:11:03 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{01C07453-F97D-4B14-8FC4-15368610547B}
[2011/07/19 19:59:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{7D8495DD-2733-44DA-A8FC-1C4489804748}
[2011/07/19 09:19:11 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{EB366AA2-A56C-4D72-BFBB-BCFDF0974D23}
[2011/07/19 05:47:19 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{094D9CEF-8570-4C08-B631-517DD523BEBD}
[2 C:\Users\Oliver\Desktop\*.tmp files -> C:\Users\Oliver\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/17 22:34:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/17 22:34:40 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/17 22:34:40 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/17 22:34:09 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325289296-2163161933-1334178457-1000UA.job
[2011/08/17 22:30:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/17 18:51:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 18:51:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 18:44:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/17 18:43:47 | 000,440,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/17 18:43:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 18:43:18 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 18:38:33 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/08/17 18:18:36 | 128,333,473 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/17 17:02:23 | 000,081,045 | ---- | M] () -- C:\Users\Oliver\Desktop\THU 11 Essay Questions.pdf
[2011/08/17 00:34:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325289296-2163161933-1334178457-1000Core.job
[2011/08/16 17:08:36 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Express Dictate.lnk
[2011/08/16 17:08:01 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Express Scribe.lnk
[2011/08/16 14:05:44 | 000,001,443 | ---- | M] () -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/16 13:46:00 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/16 13:46:00 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/16 13:46:00 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/08/16 13:46:00 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/08/16 13:46:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/16 13:46:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/08/16 13:46:00 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/16 13:46:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/08/16 13:46:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/08/16 13:46:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/08/16 13:46:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/16 13:45:59 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/08/16 13:45:59 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/16 13:45:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/08/16 13:45:59 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/16 13:45:59 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/16 13:45:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/08/16 13:45:59 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/08/16 13:45:59 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/08/16 13:45:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/08/16 13:45:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/08/16 13:45:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/08/16 13:45:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/16 13:45:59 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/16 13:45:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/08/16 13:45:59 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/08/16 13:45:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/08/16 13:45:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/16 13:45:59 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/16 13:45:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/16 13:45:59 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/16 13:45:59 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/08/16 13:45:59 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/08/16 13:45:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/08/16 13:45:59 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/16 13:45:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/16 13:45:58 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/08/16 13:45:58 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/16 13:45:58 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/16 13:45:58 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/16 13:45:58 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/16 13:45:58 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/08/16 13:45:58 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/08/16 13:45:58 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/08/16 13:45:58 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/16 13:45:58 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/08/16 13:45:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/08/16 13:45:58 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/16 13:45:58 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/16 13:45:58 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/16 13:45:58 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/08/16 13:45:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/08/16 13:45:58 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/08/16 13:45:58 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/08/16 13:45:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/16 13:45:58 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/16 13:45:58 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/08/16 13:45:58 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/08/16 13:45:58 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/16 13:45:58 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/08/16 13:45:58 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/16 13:45:58 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/08/16 13:45:58 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/16 13:45:58 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/16 13:45:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/08/16 13:45:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/08/16 13:45:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/16 13:45:58 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/08/16 13:45:58 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/08/16 13:45:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/08/16 13:45:58 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/16 13:45:58 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/16 13:45:58 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/08/16 13:45:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/16 13:26:53 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/08/16 13:26:53 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/08/16 05:09:15 | 000,002,617 | ---- | M] () -- C:\Users\Public\Desktop\tazti.lnk
[2011/08/16 00:45:33 | 003,523,109 | ---- | M] () -- C:\Users\Oliver\Desktop\Freelance-Setup.zip
[2011/08/15 23:46:55 | 000,002,619 | ---- | M] () -- C:\Users\Oliver\Desktop\OneNote 2007.lnk
[2011/08/15 23:36:47 | 000,001,312 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/15 23:27:57 | 000,002,645 | ---- | M] () -- C:\Users\Oliver\Desktop\PowerPoint 2007.lnk
[2011/08/15 23:27:11 | 000,002,693 | ---- | M] () -- C:\Users\Oliver\Desktop\Word 2007.lnk
[2011/08/15 23:24:52 | 000,002,488 | ---- | M] () -- C:\Users\Oliver\Desktop\MSN.lnk
[2011/08/15 22:22:31 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/12 03:20:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/09 16:45:09 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/09 12:37:35 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/07 01:55:20 | 000,001,110 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/07 00:49:26 | 000,436,368 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110815-224612.backup
[2011/08/01 12:18:48 | 000,064,289 | ---- | M] () -- C:\Users\Oliver\Desktop\jobseekers app confirmation.pdf
[2011/07/28 16:12:37 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/24 12:49:44 | 000,436,154 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110807-004926.backup
[2011/07/23 10:43:04 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Users\Oliver\Desktop\*.tmp files -> C:\Users\Oliver\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/17 17:02:21 | 000,081,045 | ---- | C] () -- C:\Users\Oliver\Desktop\THU 11 Essay Questions.pdf
[2011/08/16 17:08:36 | 000,001,126 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
[2011/08/16 17:08:36 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Express Dictate.lnk
[2011/08/16 17:08:01 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk
[2011/08/16 17:08:01 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Express Scribe.lnk
[2011/08/16 14:05:07 | 000,001,449 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/16 13:45:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/16 13:45:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/16 05:09:15 | 000,002,629 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tazti.lnk
[2011/08/16 05:09:15 | 000,002,617 | ---- | C] () -- C:\Users\Public\Desktop\tazti.lnk
[2011/08/16 02:23:25 | 004,917,604 | ---- | C] () -- C:\Users\Oliver\Desktop\Prudential.WAV
[2011/08/16 02:23:25 | 000,307,457 | ---- | C] () -- C:\Users\Oliver\Desktop\Global Lingo Writer's Guide.pdf
[2011/08/16 02:23:25 | 000,044,651 | ---- | C] () -- C:\Users\Oliver\Desktop\Global Lingo Contract (Subcontractors).pdf
[2011/08/16 00:45:32 | 003,523,109 | ---- | C] () -- C:\Users\Oliver\Desktop\Freelance-Setup.zip
[2011/08/15 23:46:55 | 000,002,619 | ---- | C] () -- C:\Users\Oliver\Desktop\OneNote 2007.lnk
[2011/08/15 23:36:46 | 000,001,312 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/15 23:28:10 | 000,002,655 | ---- | C] () -- C:\Users\Oliver\Desktop\Excel 2007.lnk
[2011/08/15 23:27:57 | 000,002,645 | ---- | C] () -- C:\Users\Oliver\Desktop\PowerPoint 2007.lnk
[2011/08/15 23:27:11 | 000,002,693 | ---- | C] () -- C:\Users\Oliver\Desktop\Word 2007.lnk
[2011/08/15 23:24:52 | 000,002,488 | ---- | C] () -- C:\Users\Oliver\Desktop\MSN.lnk
[2011/08/15 23:24:22 | 000,001,093 | ---- | C] () -- C:\Users\Oliver\Desktop\Secunia PSI.lnk
[2011/08/15 23:18:16 | 000,001,449 | ---- | C] () -- C:\Users\Oliver\Desktop\Internet Explorer.lnk
[2011/08/15 22:22:31 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 16:45:09 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/07 01:55:20 | 000,001,110 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/01 12:18:48 | 000,064,289 | ---- | C] () -- C:\Users\Oliver\Desktop\jobseekers app confirmation.pdf
[2011/07/28 16:12:37 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/23 10:43:04 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/21 01:53:53 | 000,008,192 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/02 18:32:35 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/12/02 18:32:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/12/02 17:56:22 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/05/07 18:14:57 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/02/18 00:25:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/02 12:44:59 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/02 12:44:58 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/02 12:44:58 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/02 12:44:57 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/02 11:28:15 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/10/28 00:22:08 | 004,835,652 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009/10/28 00:16:44 | 001,632,375 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2009/10/28 00:16:12 | 000,611,638 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/10/28 00:10:02 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/10/27 23:46:26 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009/10/27 23:28:08 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/10/17 00:58:06 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009/10/17 00:57:06 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009/10/17 00:04:24 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009/10/17 00:04:08 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009/10/17 00:03:48 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009/10/17 00:03:44 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009/10/17 00:03:40 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009/10/16 21:53:32 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009/10/16 21:53:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/16 20:40:42 | 000,957,047 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009/10/16 20:38:20 | 000,914,464 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/09/16 11:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/08/11 21:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/07/31 02:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

========== Files - Unicode (All) ==========
[2011/05/21 09:45:49 | 000,001,097 | ---- | M] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2011/04/14 16:12:09 | 000,025,088 | ---- | M] ()(C:\Users\Oliver\Desktop\?10?-3-???????.doc) -- C:\Users\Oliver\Desktop\第10课-3-听别人把话说完.doc
[2011/04/14 16:12:08 | 000,025,088 | ---- | C] ()(C:\Users\Oliver\Desktop\?10?-3-???????.doc) -- C:\Users\Oliver\Desktop\第10课-3-听别人把话说完.doc
[2011/04/12 14:54:08 | 000,001,097 | ---- | C] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2011/03/03 05:06:55 | 000,001,169 | ---- | M] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2011/03/03 05:06:55 | 000,001,169 | ---- | C] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2011/03/03 05:03:20 | 000,002,217 | ---- | M] ()(C:\Users\Oliver\Desktop\??QQ.lnk) -- C:\Users\Oliver\Desktop\腾讯QQ.lnk
[2011/03/03 05:03:19 | 000,002,239 | ---- | M] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2011/03/03 05:03:19 | 000,002,239 | ---- | C] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2011/03/03 05:03:19 | 000,002,217 | ---- | C] ()(C:\Users\Oliver\Desktop\??QQ.lnk) -- C:\Users\Oliver\Desktop\腾讯QQ.lnk
[2010/03/14 09:12:11 | 000,043,008 | ---- | M] ()(C:\Users\Oliver\Documents\??????????? (corrected).doc) -- C:\Users\Oliver\Documents\主要数学符号的英文读法 (corrected).doc
[2010/03/14 09:12:10 | 000,043,008 | ---- | C] ()(C:\Users\Oliver\Documents\??????????? (corrected).doc) -- C:\Users\Oliver\Documents\主要数学符号的英文读法 (corrected).doc
(C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >

ken545
2011-08-18, 02:47
How are things running now, any browser redirects or unwanted pop up windows ?

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

oholton1
2011-08-18, 03:04
There aren't any noticeable problems. I ran ESET and it didn't seem to find anything. The log is very short, it only says:



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

ken545
2011-08-18, 03:50
Is Spybot coming back ok ?

oholton1
2011-08-18, 06:17
No, unfortunately, I just ran Spybot and it says it is still there. I found the report from Spybot and posted it below. It seems that the trojan is actually related to a Chinese program called Sogou that I normally use to type Chinese characters. Is it residing there, a false positive or do I need just to delete Sogou?



--- Search result list ---
Win32.Agent.bb: [SBI $E6716A09] Program directory (Directory, fixing failed)
C:\Users\Oliver\AppData\Roaming\SogouExplorer\


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-06-25 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-06-28 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-08-16 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-08-01 Includes\TrojansC-02.sbi (*)
2011-08-09 Includes\TrojansC-03.sbi (*)
2011-08-15 Includes\TrojansC-04.sbi (*)
2011-08-16 Includes\TrojansC-05.sbi (*)
2011-08-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-23 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: 37BF603C3685289CA684C4D3400A9DE7

Located: HK_LM:Run, AVG_TRAY
command: C:\Program Files (x86)\AVG\AVG10\avgtray.exe
file: C:\Program Files (x86)\AVG\AVG10\avgtray.exe
size: 2334560
MD5: 140F771CADA8724200434C39918F2EA0

Located: HK_LM:Run, Dell Webcam Central
command: "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
file: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
size: 409744
MD5: 80B62FF105908EC9E4B072AFB1CFC824

Located: HK_LM:Run, Desktop Disc Tool
command: "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
file: C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
size: 494064
MD5: 263DF54E9C61C401FD7FF29A3DA1FDFB

Located: HK_LM:Run, DivXUpdate
command: "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
file: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
size: 1230704
MD5: B03777912AE3473D9FC0936E6025F8B9

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: FDE6DA67628FB7B763336B6952CF6C3C

Located: HK_LM:Run, PDVDDXSrv
command: "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
file: C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
size: 140520
MD5: 1F5A26DF97C33CD24A8ED4D4A1FF1348

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: 73430E79D6DF4DE9055E2A7742B881D3

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B

Located: HK_LM:Run, TkBellExe
command: "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
file: c:\program files (x86)\real\realplayer\Update\realsched.exe
size: 273544
MD5: B114DB354D13A21C1AC2B1807EE2F500

Located: HK_LM:RunOnce, "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
command: "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
file: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
size: 560128
MD5: 6ED7133DD4480090DE15EEC9EC5B8BDE

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1174016
MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, mctadmin
where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
file: C:\Windows\System32\mctadmin.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Google Update
where: S-1-5-21-1325289296-2163161933-1334178457-1000...
command: "C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\Oliver\AppData\Local\Google\Update\GoogleUpdate.exe
size: 136176
MD5: F02A533F517EB38333CB12A9E8963773

Located: HK_CU:Run, QQ2009
where: S-1-5-21-1325289296-2163161933-1334178457-1000...
command: "C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe" /background
file: C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe
size: 136568
MD5: 8C344E74ADCE73FE490AF6B325DFC2B2

Located: HK_CU:Run, Sidebar
where: S-1-5-21-1325289296-2163161933-1334178457-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1475584
MD5: E3BF29CED96790CDAAFA981FFDDF53A3

Located: Startup (user), Dell Dock.lnk
where: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Dell\DellDock\DellDock.exe
file: C:\Program Files (x86)\Dell\DellDock\DellDock.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (user), ERUNT AutoBackup.lnk
where: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
file: C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B

Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
where: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
size: 97680
MD5: 32C26797AB646074A2BB562F9D10ADB5

Located: Startup (user), OpenOffice.org 3.2.lnk
where: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
file: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
size: 384000
MD5: 28675E96E9CC2A81C0B0E182674E03C7



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 9/22/2010 11:04:14 AM
Date (last access): 11/8/2010 9:05:12 AM
Date (last write): 9/22/2010 11:04:14 AM
Filesize: 75200
Attributes: archive
MD5: 203A74767EB81F96A5166B1933DB46D0
CRC32: B0D671C9
Version: 9.4.0.195

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 5/25/2011 1:17:04 PM
Date (last access): 5/25/2011 1:17:04 PM
Date (last write): 5/25/2011 1:17:04 PM
Filesize: 386776
Attributes: archive
MD5: B7EDEA9FC720F74FD15A3F5C4BCEEDA3
CRC32: 801D7776
Version: 12.0.1.647

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files (x86)\AVG\AVG10\
Long name: avgssie.dll
Short name:
Date (created): 8/5/2011 1:20:30 PM
Date (last access): 8/9/2011 12:37:32 PM
Date (last write): 8/5/2011 1:20:30 PM
Filesize: 2274144
Attributes: archive
MD5: 4109B81AEDEED60102542554F4E69F10
CRC32: 0E9B870A
Version: 10.0.0.1392

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://www.safer-networking.org/
info source: Safer-Networking Ltd.
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 6/25/2010 6:29:46 PM
Date (last access): 6/25/2010 6:29:46 PM
Date (last write): 1/26/2009 8:31:02 AM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Search Helper
CLSID name: Search Helper
Path: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\
Long name: SEPsearchhelperie.dll
Short name: SEPSEA~1.DLL
Date (created): 9/22/2010 5:03:38 AM
Date (last access): 10/21/2010 7:28:06 PM
Date (last write): 9/22/2010 5:03:38 AM
Filesize: 191792
Attributes: archive
MD5: A4AD1AA4C57409480C1D84BBCA6BECF0
CRC32: 3A7EBABF
Version: 3.0.133.0

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files (x86)\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GR469A~1.DLL
Date (created): 2/12/2009 8:19:32 AM
Date (last access): 12/20/2010 8:03:46 PM
Date (last write): 2/12/2009 8:19:32 AM
Filesize: 2217848
Attributes: archive
MD5: A6B5A41C0ED007AB6C43CAD899E533D8
CRC32: BA078F79
Version: 12.0.6421.1000

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live ID Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 3/28/2011 8:35:06 PM
Date (last access): 8/15/2011 10:52:26 PM
Date (last write): 3/28/2011 8:35:06 PM
Filesize: 441216
Attributes: archive
MD5: CF39A105CD553EED31E2255AFF4C6742
CRC32: 3D1149C5
Version: 7.250.4232.0

{9FDDE16B-836F-4806-AB1F-1455CBEFF289} (Windows Live Messenger Companion Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Messenger Companion Helper
Path: C:\Program Files (x86)\Windows Live\Companion\
Long name: companioncore.dll
Short name: COMPAN~1.DLL
Date (created): 5/13/2011 3:21:16 PM
Date (last access): 8/15/2011 10:55:16 PM
Date (last write): 5/13/2011 3:21:16 PM
Filesize: 393600
Attributes: archive
MD5: 0EE505F20817F13DEA0C6907A94469D2
CRC32: 7637CECF
Version: 15.4.3538.513

{c95a4e8e-816d-4655-8c79-d736da1adb6d} (Hotspot Shield Toolbar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Hotspot Shield Toolbar
Path: C:\Program Files (x86)\Hotspot_Shield\
Long name: tbHots.dll
Short name:
Date (created): 12/18/2010 11:20:32 AM
Date (last access): 12/18/2010 11:20:32 AM
Date (last write): 6/24/2008 4:17:52 PM
Filesize: 1569304
Attributes: archive
MD5: 57B36B398D9742A8382BCEE3E2E5DECB
CRC32: C7C8956F
Version: 4.5.186.6

{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Bing Bar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Bing Bar BHO
Path: C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\
Long name: npwinext.dll
Short name:
Date (created): 9/22/2010 6:19:36 AM
Date (last access): 5/17/2011 8:45:24 PM
Date (last write): 9/22/2010 6:19:36 AM
Filesize: 612616
Attributes: archive
MD5: DA7763DBF7D7679B52A3F1484FBD3FB7
CRC32: E054B91F
Version: 6.3.2322.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 8/3/2011 4:21:58 PM
Date (last access): 8/15/2011 10:49:32 PM
Date (last write): 8/3/2011 4:21:58 PM
Filesize: 42272
Attributes: archive
MD5: E7D55E121FF1951CB86C7E0DC6A33877
CRC32: 0EA0302A
Version: 6.0.260.3



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_26
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/2/2009 11:09:16 AM
Date (last access): 5/4/2011 5:54:22 AM
Date (last write): 5/4/2011 4:52:24 AM
Filesize: 112416
Attributes: archive
MD5: 8ED8B29AC7412F8A1608BAC047E5F78D
CRC32: 18200451
Version: 6.0.260.3

{C052A649-6FEA-4AF3-81E4-DE31A8AD46B5} (xinstallerimpl Class)
DPF name:
CLSID name: xinstallerimpl Class
Installer: C:\Windows\Downloaded Program Files\xoli.inf
Codebase: http://xmp.down.sandai.net/kankan/xoli.cab
Path: C:\Windows\SysWow64\
Long name: xoli2.dll
Short name:
Date (created): 10/25/2010 7:28:14 AM
Date (last access): 10/25/2010 7:28:14 AM
Date (last write): 10/25/2010 7:28:14 AM
Filesize: 204296
Attributes: archive
MD5: 930260149F50FCBCBDE5B40C05F3D28D
CRC32: 1EDBE869
Version: 1.0.0.8

{C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class)
DPF name:
CLSID name: WRC Class
Installer:
Codebase: http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Path: C:\Windows\Downloaded Program Files\
Long name: wrc32.ocx
Short name:
Date (created): 3/21/2010 9:49:30 PM
Date (last access): 3/21/2010 9:49:30 PM
Date (last write): 3/21/2010 9:49:12 PM
Filesize: 115024
Attributes: archive
MD5: BC6B5C4BBA48C196FED2CFB9E33B14D3
CRC32: 8ACFB4AB
Version: 14.0.4730.3000

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_26
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/2/2009 11:09:16 AM
Date (last access): 5/4/2011 5:54:22 AM
Date (last write): 5/4/2011 4:52:24 AM
Filesize: 112416
Attributes: archive
MD5: 8ED8B29AC7412F8A1608BAC047E5F78D
CRC32: 18200451
Version: 6.0.260.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_26
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_26.dll
Short name: NPJPI1~1.DLL
Date (created): 5/4/2011 2:25:52 AM
Date (last access): 5/4/2011 5:54:32 AM
Date (last write): 5/4/2011 4:52:30 AM
Filesize: 141088
Attributes: archive
MD5: 9210B3BC2BC4FF4F4281F7D7C294233A
CRC32: B23F2824
Version: 6.0.260.3



--- Process list ---
PID: 0 ( 0) [System]
PID: 3356 (1012) C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
size: 783680
MD5: 0A0BED9DBCD1CA8363464AAEB6E0BD11
PID: 3764 (3284) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
size: 464856
MD5: C661A0C3603EF6E162A32DE787745BB8
PID: 4080 (3876) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
size: 3811648
MD5: D155D71DB7DAE44C2D64059F0FBD9880
PID: 3228 (3476) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
size: 186904
MD5: 5AF1E9600E3FF841E522703A4993ED0C
PID: 636 (3476) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
size: 97680
MD5: 32C26797AB646074A2BB562F9D10ADB5
PID: 2360 (1424) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
size: 7424000
MD5: ABC2C67DFD48930F846934B907C3D606
PID: 496 (1576) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
size: 140520
MD5: 1F5A26DF97C33CD24A8ED4D4A1FF1348
PID: 2000 (1576) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
size: 409744
MD5: 80B62FF105908EC9E4B072AFB1CFC824
PID: 4120 (2360) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
size: 7418368
MD5: 15D982E21248E9BE337D9B40247AF30E
PID: 4140 (1576) C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
size: 494064
MD5: 263DF54E9C61C401FD7FF29A3DA1FDFB
PID: 4240 (1576) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
PID: 4336 (1576) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
size: 2334560
MD5: 140F771CADA8724200434C39918F2EA0
PID: 4464 (1576) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
size: 1230704
MD5: B03777912AE3473D9FC0936E6025F8B9
PID: 4496 (1576) C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
size: 273544
MD5: B114DB354D13A21C1AC2B1807EE2F500
PID: 4544 (1576) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421736
MD5: FDE6DA67628FB7B763336B6952CF6C3C
PID: 4660 (1576) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 254696
MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B
PID: 4696 (4336) C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
size: 1148256
MD5: 350A0C2CC411A6B0982604C8893C3E93
PID: 7080 (3476) C:\Program Files (x86)\Skype\Phone\Skype.exe
size: 15141768
MD5: 5D539617604E953FD2DF852F4B51A383
PID: 6868 (3476) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
size: 1001840
MD5: 96F0A88B100A4E2914F1272E35714128
PID: 7736 (3476) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 7452 (3476) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 924632
MD5: 8AF1980AD5BD21364A960299015DBEDD
PID: 4 ( 0) System
PID: 300 ( 4) smss.exe
PID: 356 ( 348) avgchsva.exe
PID: 596 ( 588) csrss.exe
PID: 684 ( 588) wininit.exe
size: 96256
PID: 704 ( 676) csrss.exe
PID: 748 ( 676) winlogon.exe
PID: 796 ( 684) services.exe
PID: 808 ( 684) lsass.exe
PID: 816 ( 684) lsm.exe
PID: 948 ( 796) svchost.exe
size: 20992
PID: 108 ( 796) svchost.exe
size: 20992
PID: 552 ( 796) svchost.exe
size: 20992
PID: 580 ( 796) svchost.exe
size: 20992
PID: 648 ( 796) svchost.exe
size: 20992
PID: 868 ( 796) stacsv64.exe
PID: 1116 ( 796) svchost.exe
size: 20992
PID: 1184 ( 796) DockLogin.exe
PID: 1260 ( 796) svchost.exe
size: 20992
PID: 1336 ( 796) WLTRYSVC.EXE
PID: 1344 ( 580) wlanext.exe
size: 77312
PID: 1352 ( 596) conhost.exe
PID: 1384 (1336) BCMWLTRY.EXE
PID: 1464 ( 796) spoolsv.exe
PID: 1520 ( 796) svchost.exe
size: 20992
PID: 1612 ( 796) AppleMobileDeviceService.exe
PID: 1792 ( 796) avgwdsvc.exe
PID: 1816 ( 796) mDNSResponder.exe
PID: 1912 ( 796) NitroPDFDriverServicex64.exe
PID: 1948 ( 796) NLSSRV32.EXE
size: 67904
PID: 1980 ( 796) SeaPort.exe
PID: 1012 ( 796) SftService.exe
PID: 1644 ( 796) WLIDSVC.EXE
PID: 1740 ( 796) IAANTmon.exe
PID: 2132 ( 796) SDWinSec.exe
PID: 2488 ( 796) AVGIDSAgent.exe
PID: 2520 (1792) avgnsa.exe
PID: 2636 (1644) WLIDSVCM.EXE
PID: 2900 ( 796) svchost.exe
size: 20992
PID: 3256 ( 796) C:\Windows\System32\taskhost.exe
PID: 3456 ( 580) C:\Windows\System32\dwm.exe
PID: 3476 (3424) C:\Windows\explorer.exe
size: 2871808
MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 3900 ( 796) svchost.exe
size: 20992
PID: 3848 ( 796) PresentationFontCache.exe
PID: 2276 ( 796) wmpnetwk.exe
PID: 2564 ( 796) SearchIndexer.exe
size: 427520
PID: 2792 ( 400) avgrsa.exe
PID: 3916 (2792) avgcsrva.exe
PID: 2796 (3476) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 1808680
MD5: D8EB92619557053E893B9AC35E480CE1
PID: 2204 (3476) C:\Program Files\IDT\WDM\sttray64.exe
size: 444416
MD5: 5F3D8F0243E653BEDEB9AC6F04B7CF79
PID: 2896 (3476) C:\Windows\System32\igfxtray.exe
PID: 2208 (3476) C:\Windows\System32\hkcmd.exe
PID: 3948 (3476) C:\Windows\System32\igfxpers.exe
PID: 3572 (3476) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
size: 4968960
MD5: 1F83CB91A9830038DBE7CD1BA1921205
PID: 3164 (3476) C:\Program Files\Dell\QuickSet\quickset.exe
size: 3180624
MD5: B60457F40BBF5EAE380FC110B21C4978
PID: 3824 (3476) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1475584
MD5: E3BF29CED96790CDAAFA981FFDDF53A3
PID: 3068 ( 948) C:\Windows\System32\igfxsrvc.exe
PID: 2460 ( 948) WmiPrvSE.exe
PID: 4436 (2796) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 120616
MD5: 18112C79E804A9B1026703A631A5F526
PID: 4700 ( 796) svchost.exe
size: 20992
PID: 4680 ( 796) iPodService.exe
PID: 5500 ( 948) dllhost.exe
size: 7168
PID: 5900 ( 796) svchost.exe
size: 20992
PID: 7384 ( 552) audiodg.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 8/18/2011 4:09:48 AM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.co.uk/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://g.uk.msn.com/USCON/2
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

Namespace Provider 5: WindowsLive NSP
GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 6: WindowsLive Local NSP
GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider 7: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 8: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

ken545
2011-08-18, 11:32
Good Morning

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:processes
killallprocesses

:OTL
[2011/08/07 00:49:26 | 000,436,368 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110815-224612.backup
[2011/07/24 12:49:44 | 000,436,154 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110807-004926.backup

:Files
C:\Users\Oliver\AppData\Roaming\SogouExplorer


:Services

:Reg



:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

oholton1
2011-08-18, 21:42
All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\Windows\SysNative\drivers\etc\hosts.20110815-224612.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20110807-004926.backup moved successfully.
========== FILES ==========
C:\Users\Oliver\AppData\Roaming\SogouExplorer\Skin folder moved successfully.
C:\Users\Oliver\AppData\Roaming\SogouExplorer folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Oliver
->Temp folder emptied: 24721069 bytes
->Temporary Internet Files folder emptied: 3984262 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43572914 bytes
->Flash cache emptied: 690 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 226 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 15895171 bytes

Total Files Cleaned = 84.00 mb


OTL by OldTimer - Version 3.2.26.4 log created on 08182011_193757

Files\Folders moved on Reboot...
C:\Users\Oliver\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

oholton1
2011-08-18, 21:58
OTL logfile created on: 8/18/2011 7:43:13 PM - Run 3
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Oliver\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.96 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 54.51% Memory free
7.92 Gb Paging File | 6.00 Gb Available in Paging File | 75.71% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 191.35 Gb Free Space | 67.52% Space Free | Partition Type: NTFS

Computer Name: OLIVER-PC | User Name: Oliver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Oliver\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Secunia\PSI\psires.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (NitroDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NdisrdMP) -- C:\Windows\SysNative\drivers\Ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (Ndisrd) -- C:\Windows\SysNative\drivers\Ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: david.lancashire@gmail.com:1.6
FF - prefs.js..extensions.enabledItems: service@popupchinese.com:1.3
FF - prefs.js..extensions.enabledItems: control@freedur.com:2.12.200910211624
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQlive: C:\Program Files (x86)\Tencent\QQLive\npQQLive.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oliver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oliver\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/09 12:37:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/25 13:17:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/17 22:49:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/09 16:45:19 | 000,000,000 | ---D | M]

[2010/02/15 15:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Extensions
[2011/07/04 16:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions
[2010/09/12 09:45:20 | 000,000,000 | ---D | M] ("Freedur Firefox Addon") -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions\control@freedur.com
[2010/07/22 02:01:08 | 000,000,000 | ---D | M] (Popup Chinese Dictionary) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions\david.lancashire@gmail.com
[2010/07/22 02:01:08 | 000,000,000 | ---D | M] (Tone and Color - PopupChinese.com) -- C:\Users\Oliver\AppData\Roaming\Mozilla\Firefox\Profiles\zt95e3pg.default\extensions\service@popupchinese.com
[2011/08/15 22:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/18 15:12:23 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/12 18:30:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/15 07:50:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 00:14:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/15 22:50:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\OLIVER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZT95E3PG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/17 22:49:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/18 19:37:59 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ncikuToolBar) - {77D8DC41-9CE3-42E2-AF46-84F9686BFE21} - C:\Program Files (x86)\nciku\Toolbar\ncikuToolbar_0_5_1_74.dll (NHN Corporation.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
O3 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1325289296-2163161933-1334178457-1000..\Run: [QQ2009] C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe (Tencent)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .cdx - C:\Program Files (x86)\Internet Explorer\Plugins\NPCDP32.DLL (CambridgeSoft.Com)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: qq.com ([cache.tv] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivecaption] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivehabit] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivesearch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([video_1] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C052A649-6FEA-4AF3-81E4-DE31A8AD46B5} http://xmp.down.sandai.net/kankan/xoli.cab (xinstallerimpl Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42145a31-c696-11df-982f-00256476a9d5}\Shell - "" = AutoRun
O33 - MountPoints2\{42145a31-c696-11df-982f-00256476a9d5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 15:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/17 19:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/08/17 18:38:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/16 17:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/08/16 17:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs
[2011/08/16 17:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/08/16 17:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2011/08/16 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\NCH Software
[2011/08/16 13:46:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/16 13:46:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/16 13:46:00 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/08/16 13:46:00 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/08/16 13:46:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/16 13:46:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/08/16 13:46:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/16 13:46:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/08/16 13:46:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/08/16 13:46:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/08/16 13:46:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/16 13:45:59 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/08/16 13:45:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/16 13:45:59 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/08/16 13:45:59 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/16 13:45:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/16 13:45:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/08/16 13:45:59 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/08/16 13:45:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/08/16 13:45:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/08/16 13:45:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/08/16 13:45:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/08/16 13:45:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/16 13:45:59 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/16 13:45:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/08/16 13:45:59 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/08/16 13:45:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/08/16 13:45:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/16 13:45:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/16 13:45:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/16 13:45:59 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/08/16 13:45:59 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/08/16 13:45:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/08/16 13:45:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/16 13:45:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/16 13:45:58 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/08/16 13:45:58 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/16 13:45:58 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/16 13:45:58 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/16 13:45:58 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/16 13:45:58 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/08/16 13:45:58 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/08/16 13:45:58 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/08/16 13:45:58 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/16 13:45:58 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/08/16 13:45:58 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/08/16 13:45:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/16 13:45:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/16 13:45:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/16 13:45:58 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/08/16 13:45:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/08/16 13:45:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/08/16 13:45:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/08/16 13:45:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/16 13:45:58 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/16 13:45:58 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/08/16 13:45:58 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/08/16 13:45:58 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/16 13:45:58 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/08/16 13:45:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/16 13:45:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/08/16 13:45:58 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/16 13:45:58 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/16 13:45:58 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/08/16 13:45:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/08/16 13:45:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/08/16 13:45:58 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/08/16 13:45:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/08/16 13:45:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/16 13:45:58 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/16 13:45:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/08/16 13:45:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/16 13:11:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/16 13:09:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/16 05:10:38 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\tazti
[2011/08/16 05:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Voice Tech Group, Inc
[2011/08/16 05:09:11 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\tazti
[2011/08/15 23:36:47 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\OneNote Notebooks
[2011/08/15 23:00:24 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{B67B35AE-4DBC-486C-931E-B48A53093F21}
[2011/08/15 23:00:09 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{08AC6082-6BAD-4247-A01B-872D106C0F1D}
[2011/08/15 22:55:30 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/15 22:52:02 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/08/15 22:52:02 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/08/15 22:52:01 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/08/15 22:52:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/08/15 22:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/15 22:50:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/15 22:50:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/15 22:50:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/15 22:41:12 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{602DB32A-2AA2-458D-8B19-3BD5E4491290}
[2011/08/15 22:40:58 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{2A8CA8E2-CFA6-42AE-AD1B-59AEBEA74BEB}
[2011/08/15 22:22:39 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Roaming\Malwarebytes
[2011/08/15 22:22:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/15 22:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/15 22:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/15 22:22:27 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/15 22:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/15 22:19:54 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{7A26B360-2EED-4419-9786-ED0EBE7D54E6}
[2011/08/15 22:19:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{A5DD7461-6D14-407B-BE08-AA8733CF8C3E}
[2011/08/15 19:06:43 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{BD0484AA-129E-4344-AC41-8667BFEE3FA1}
[2011/08/15 19:06:28 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{26FFCC19-D818-4AEF-9CD1-D2251D91E4A4}
[2011/08/12 12:29:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{E39AA2AB-4A91-4071-BD92-D72EBF3B69EB}
[2011/08/12 03:21:42 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{42D7D62C-C591-4CBE-BA1A-6314E5142E50}
[2011/08/11 03:01:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011/08/10 13:23:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 13:23:26 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 13:23:26 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 13:23:25 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 13:23:25 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 13:23:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 13:23:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 13:23:25 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 13:23:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 13:23:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/10 13:23:19 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 13:23:19 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 13:23:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 13:23:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 13:23:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 13:23:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 13:23:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 13:23:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 13:23:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 13:23:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 13:23:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 13:23:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 13:23:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 13:23:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 13:23:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 13:23:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 13:23:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) --

oholton1
2011-08-18, 21:59
C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 13:23:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 13:23:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 13:23:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 13:23:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 13:23:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 13:23:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 13:23:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 13:23:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 13:23:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 13:23:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 13:23:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 13:23:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 13:22:50 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 13:22:49 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 13:22:49 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/09 16:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/09 16:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/07 01:56:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/07 01:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/07 01:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/07/31 04:25:53 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{EE71AC1A-BDD0-4EC2-991F-9FD5373109FA}
[2011/07/27 10:40:47 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{D2AD43FF-0192-415A-8218-806BAABD5920}
[2011/07/23 10:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/07/23 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/07/23 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/07/23 10:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/07/23 10:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/07/23 10:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/07/22 23:13:48 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{82E55148-B67D-40CA-A749-9D5FA6FCD2EF}
[2011/07/21 12:47:52 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{D73B06B2-B783-41C6-98D9-DF7898B470BB}
[2011/07/21 06:33:12 | 000,000,000 | ---D | C] -- C:\Users\Oliver\Documents\DK Education
[2011/07/20 14:11:03 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{01C07453-F97D-4B14-8FC4-15368610547B}
[2011/07/19 19:59:40 | 000,000,000 | ---D | C] -- C:\Users\Oliver\AppData\Local\{7D8495DD-2733-44DA-A8FC-1C4489804748}
[2 C:\Users\Oliver\Desktop\*.tmp files -> C:\Users\Oliver\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/18 19:46:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 19:46:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 19:46:52 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/18 19:46:52 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/18 19:46:52 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/18 19:39:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/18 19:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/18 19:39:05 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/18 19:37:59 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/08/18 19:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325289296-2163161933-1334178457-1000UA.job
[2011/08/18 19:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/18 16:21:53 | 000,219,846 | ---- | M] () -- C:\Users\Oliver\Desktop\p_large_cVW7_12b7000494b05c44.jpg
[2011/08/18 15:12:16 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/18 12:25:34 | 128,631,983 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/18 00:34:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1325289296-2163161933-1334178457-1000Core.job
[2011/08/17 22:50:17 | 000,002,054 | ---- | M] () -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/17 18:43:47 | 000,440,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/17 18:38:33 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110818-032925.backup
[2011/08/17 17:02:23 | 000,081,045 | ---- | M] () -- C:\Users\Oliver\Desktop\THU 11 Essay Questions.pdf
[2011/08/16 17:08:36 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Express Dictate.lnk
[2011/08/16 17:08:01 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Express Scribe.lnk
[2011/08/16 14:05:44 | 000,001,443 | ---- | M] () -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/16 13:46:00 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/16 13:46:00 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/16 13:46:00 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/08/16 13:46:00 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/08/16 13:46:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/08/16 13:46:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/08/16 13:46:00 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/08/16 13:46:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/08/16 13:46:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/08/16 13:46:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/08/16 13:46:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/08/16 13:45:59 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/08/16 13:45:59 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/08/16 13:45:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/08/16 13:45:59 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/08/16 13:45:59 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/16 13:45:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/08/16 13:45:59 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/08/16 13:45:59 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/08/16 13:45:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/08/16 13:45:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/08/16 13:45:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/08/16 13:45:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/08/16 13:45:59 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/08/16 13:45:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/08/16 13:45:59 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/08/16 13:45:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/08/16 13:45:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/08/16 13:45:59 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/08/16 13:45:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/16 13:45:59 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/16 13:45:59 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/08/16 13:45:59 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/08/16 13:45:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/08/16 13:45:59 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/08/16 13:45:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/08/16 13:45:58 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/08/16 13:45:58 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/16 13:45:58 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/08/16 13:45:58 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/16 13:45:58 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/16 13:45:58 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/08/16 13:45:58 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/08/16 13:45:58 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/08/16 13:45:58 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/08/16 13:45:58 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/08/16 13:45:58 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/08/16 13:45:58 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/16 13:45:58 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/16 13:45:58 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/08/16 13:45:58 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/08/16 13:45:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/08/16 13:45:58 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/08/16 13:45:58 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/08/16 13:45:58 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/08/16 13:45:58 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/08/16 13:45:58 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/08/16 13:45:58 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/08/16 13:45:58 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/08/16 13:45:58 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/08/16 13:45:58 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/16 13:45:58 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/08/16 13:45:58 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/08/16 13:45:58 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/08/16 13:45:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/08/16 13:45:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/08/16 13:45:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/16 13:45:58 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/08/16 13:45:58 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/08/16 13:45:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/08/16 13:45:58 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/08/16 13:45:58 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/08/16 13:45:58 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/08/16 13:45:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/08/16 13:26:53 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/08/16 13:26:53 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/08/16 05:09:15 | 000,002,617 | ---- | M] () -- C:\Users\Public\Desktop\tazti.lnk
[2011/08/16 00:45:33 | 003,523,109 | ---- | M] () -- C:\Users\Oliver\Desktop\Freelance-Setup.zip
[2011/08/15 23:46:55 | 000,002,619 | ---- | M] () -- C:\Users\Oliver\Desktop\OneNote 2007.lnk
[2011/08/15 23:36:47 | 000,001,312 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/15 23:27:57 | 000,002,645 | ---- | M] () -- C:\Users\Oliver\Desktop\PowerPoint 2007.lnk
[2011/08/15 23:27:11 | 000,002,693 | ---- | M] () -- C:\Users\Oliver\Desktop\Word 2007.lnk
[2011/08/15 23:24:52 | 000,002,488 | ---- | M] () -- C:\Users\Oliver\Desktop\MSN.lnk
[2011/08/15 22:22:31 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/12 03:20:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/09 16:45:09 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/09 12:37:35 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/08/07 01:55:20 | 000,001,110 | ---- | M] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/01 12:18:48 | 000,064,289 | ---- | M] () -- C:\Users\Oliver\Desktop\jobseekers app confirmation.pdf
[2011/07/23 10:43:04 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Users\Oliver\Desktop\*.tmp files -> C:\Users\Oliver\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/18 16:21:52 | 000,219,846 | ---- | C] () -- C:\Users\Oliver\Desktop\p_large_cVW7_12b7000494b05c44.jpg
[2011/08/17 17:02:21 | 000,081,045 | ---- | C] () -- C:\Users\Oliver\Desktop\THU 11 Essay Questions.pdf
[2011/08/16 17:08:36 | 000,001,126 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate.lnk
[2011/08/16 17:08:36 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Express Dictate.lnk
[2011/08/16 17:08:01 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk
[2011/08/16 17:08:01 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Express Scribe.lnk
[2011/08/16 14:05:07 | 000,001,449 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/16 13:45:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/08/16 13:45:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/08/16 05:09:15 | 000,002,629 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tazti.lnk
[2011/08/16 05:09:15 | 000,002,617 | ---- | C] () -- C:\Users\Public\Desktop\tazti.lnk
[2011/08/16 02:23:25 | 004,917,604 | ---- | C] () -- C:\Users\Oliver\Desktop\Prudential.WAV
[2011/08/16 02:23:25 | 000,307,457 | ---- | C] () -- C:\Users\Oliver\Desktop\Global Lingo Writer's Guide.pdf
[2011/08/16 02:23:25 | 000,044,651 | ---- | C] () -- C:\Users\Oliver\Desktop\Global Lingo Contract (Subcontractors).pdf
[2011/08/16 00:45:32 | 003,523,109 | ---- | C] () -- C:\Users\Oliver\Desktop\Freelance-Setup.zip
[2011/08/15 23:46:55 | 000,002,619 | ---- | C] () -- C:\Users\Oliver\Desktop\OneNote 2007.lnk
[2011/08/15 23:36:46 | 000,001,312 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/08/15 23:28:10 | 000,002,655 | ---- | C] () -- C:\Users\Oliver\Desktop\Excel 2007.lnk
[2011/08/15 23:27:57 | 000,002,645 | ---- | C] () -- C:\Users\Oliver\Desktop\PowerPoint 2007.lnk
[2011/08/15 23:27:11 | 000,002,693 | ---- | C] () -- C:\Users\Oliver\Desktop\Word 2007.lnk
[2011/08/15 23:24:52 | 000,002,488 | ---- | C] () -- C:\Users\Oliver\Desktop\MSN.lnk
[2011/08/15 23:24:22 | 000,001,093 | ---- | C] () -- C:\Users\Oliver\Desktop\Secunia PSI.lnk
[2011/08/15 23:18:16 | 000,001,449 | ---- | C] () -- C:\Users\Oliver\Desktop\Internet Explorer.lnk
[2011/08/15 22:22:31 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 16:45:09 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/07 01:55:20 | 000,001,110 | ---- | C] () -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/01 12:18:48 | 000,064,289 | ---- | C] () -- C:\Users\Oliver\Desktop\jobseekers app confirmation.pdf
[2011/07/28 16:12:37 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/23 10:43:04 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/21 01:53:53 | 000,008,192 | ---- | C] () -- C:\Users\Oliver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/02 18:32:35 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/12/02 18:32:35 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/12/02 17:56:22 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/05/07 18:14:57 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2010/02/18 00:25:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/02 12:44:59 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/02 12:44:58 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/02 12:44:58 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/02 12:44:57 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/02 11:28:15 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/10/28 00:22:08 | 004,835,652 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009/10/28 00:16:44 | 001,632,375 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2009/10/28 00:16:12 | 000,611,638 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/10/28 00:10:02 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/10/27 23:46:26 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009/10/27 23:28:08 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/10/17 00:58:06 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009/10/17 00:57:06 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009/10/17 00:04:24 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009/10/17 00:04:08 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009/10/17 00:03:48 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009/10/17 00:03:44 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009/10/17 00:03:40 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009/10/16 21:53:32 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009/10/16 21:53:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/16 20:40:42 | 000,957,047 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009/10/16 20:38:20 | 000,914,464 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/09/16 11:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/08/11 21:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009/07/31 02:58:42 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009/01/10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

========== Files - Unicode (All) ==========
[2011/08/18 03:23:26 | 000,030,720 | ---- | M] ()(C:\Users\Oliver\Desktop\?10?-3-???????.doc) -- C:\Users\Oliver\Desktop\第10课-3-听别人把话说完.doc
[2011/05/21 09:45:49 | 000,001,097 | ---- | M] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2011/04/14 16:12:08 | 000,030,720 | ---- | C] ()(C:\Users\Oliver\Desktop\?10?-3-???????.doc) -- C:\Users\Oliver\Desktop\第10课-3-听别人把话说完.doc
[2011/04/12 14:54:08 | 000,001,097 | ---- | C] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2011/03/03 05:06:55 | 000,001,169 | ---- | M] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2011/03/03 05:06:55 | 000,001,169 | ---- | C] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2011/03/03 05:03:20 | 000,002,217 | ---- | M] ()(C:\Users\Oliver\Desktop\??QQ.lnk) -- C:\Users\Oliver\Desktop\腾讯QQ.lnk
[2011/03/03 05:03:19 | 000,002,239 | ---- | M] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2011/03/03 05:03:19 | 000,002,239 | ---- | C] ()(C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Oliver\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2011/03/03 05:03:19 | 000,002,217 | ---- | C] ()(C:\Users\Oliver\Desktop\??QQ.lnk) -- C:\Users\Oliver\Desktop\腾讯QQ.lnk
[2010/03/14 09:12:11 | 000,043,008 | ---- | M] ()(C:\Users\Oliver\Documents\??????????? (corrected).doc) -- C:\Users\Oliver\Documents\主要数学符号的英文读法 (corrected).doc
[2010/03/14 09:12:10 | 000,043,008 | ---- | C] ()(C:\Users\Oliver\Documents\??????????? (corrected).doc) -- C:\Users\Oliver\Documents\主要数学符号的英文读法 (corrected).doc
(C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >

ken545
2011-08-19, 02:00
Good, any problems ?

oholton1
2011-08-19, 04:30
All seems good. Thanks for the help!

ken545
2011-08-19, 11:52
Hi,

Lets run these programs as a final clean up to make sure all the bad stuff is gone

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility. If you want to keep your log on info, just click on Select All and then uncheck cookies

http://i24.photobucket.com/albums/c30/ken545/Atribune.jpg







Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

oholton1
2011-08-19, 18:10
Done. ESET scan came back fine. The log still reads:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

ken545
2011-08-19, 19:25
:bigthumb:


Its important to keep your Java Updated as older versions can let this garbage in to your system


Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

oholton1
2011-08-20, 06:59
Thanks for all your help, Ken. I'll read through the links.

ken545
2011-08-20, 12:24
Your very welcome,

Take care,
Ken :)

ken545
2011-08-25, 14:09
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.