Thread: FakeAlert Damage

  1. #11
    Junior Member | Join Date: Jun 2011 | Location: Old Warden, England | Posts: 23

    FakeAlert Damage

    Hello ken545,

    Thanks again for very quick response.

    Ashampoo is a very good German company that produces a variety of software packages, some of which I have used for years without problems, so I think their toolbar is probably OK, but I do not use so will remove later.

    I have unhidden the files and all my icons are back and Win Explorer now lists the files in the D: drive. Thank you very much.

    VirusTotal does not list the “oxrsavq.sys” file and I cannot find on my machine so have not been able to submit it. What should I do?

    Tried to run TFC and ended up with two instances both “not responding” and I could not clear them so reset the machine. Several attempts at a normal boot failed, so I started in “Safe-mode” and ran TFC successfully.

    Had warning from McAfee that “Real time Scanning” was off and it would not reset, so I shut-down. Domestic pressures and lateness forced break at this time.

    Have now downloaded and run MBAM, the report is below and shows no infections.

    Is this progress?

    MBAM Report:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7013

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    03/07/2011 22:46:10
    mbam-log-2011-07-03 (22-46-10).txt

    Scan type: Quick scan
    Objects scanned: 206345
    Time elapsed: 2 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    I really do appreciate your help, I wish I had the skills and knowledge.

    Thanks again. (Am going to bed now!)

    secWEL

  2. #12
    Emeritus-Security Expert | Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208

    Let's do this

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member | Join Date: Jun 2011 | Location: Old Warden, England | Posts: 23

    FakeAlert Damage

    Hello ken545

    Thank you.

    I have run “OTL” and include the “OTL.text” below and will send the “Extras.txt” with the next post.

    A brief summary of the status this morning:
    a) machine would not boot normally so I ran in “Safe-mode” with boot logging. The log covered 300 pages and the last 3 entries were:
    “Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
    Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
    Did not load driver cfwids.SYS”
    Prior to those there was a long list of “Did not load”

    b) the machine is slow.
    McAfee seems to have lost its database and it had to be renewed, also there is an error:
    Error Signature
    szAppName : McSvHost.exe szAppVer : 1.5.109.0 szModName : HWAPI.dll
    szModVer : 11.5.109.0 offset : 000427ae

    Error Report
    C:\DOCUME~1\WEL\LOCALS~1\Temp\WERddf3.dir00\McSvHost.exe.mdmp
    C:\DOCUME~1\WEL\LOCALS~1\Temp\WERddf3.dir00\appcompat.txt

    I do not know whether these are related to the main problem.

    Sorry text is too long so will send "OTL.txt" in two parts.

    OTL.txt (Part 1)
    OTL logfile created on: 04/07/2011 10:29:45 - Run 1
    OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.87% Memory free
    3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.65 Gb Total Space | 55.44 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
    Drive D: | 135.22 Gb Total Space | 123.37 Gb Free Space | 91.24% Space Free | Partition Type: NTFS
    Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
    Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
    Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
    Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
    Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
    Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
    Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
    Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
    Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
    Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32

    Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - c:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
    PRC - c:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
    PRC - D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
    PRC - D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
    PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
    PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe ()
    PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
    PRC - D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Program Files\BrainBullet\Brain Bullet.exe ()
    PRC - C:\Program Files\BrainBullet\mblit.exe ()
    PRC - C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
    PRC - D:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
    PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    PRC - D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
    PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
    PRC - C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
    MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
    MOD - D:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)


    ========== Win32 Services (SafeList) ==========

    SRV - (LiveUpdate) -- File not found
    SRV - (LiveUpdate Notice Ex) -- File not found
    SRV - (Automatic LiveUpdate Scheduler) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (UMVPFSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
    SRV - (AntiSpy Server) -- D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
    SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    SRV - (EpsonBidirectionalService) -- C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
    DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (iviVD) -- C:\WINDOWS\system32\DRIVERS\iviVD.sys (InterVideo)
    DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
    DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
    DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
    DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
    DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech Inc.)
    DRV - (LUsbKbd) -- C:\WINDOWS\system32\drivers\LUsbKbd.sys (Logitech Inc.)
    DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
    DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (USBSNXSTOR) -- C:\WINDOWS\system32\drivers\USBSNX2K.SYS ( )
    DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808


    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
    FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.3.0
    FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
    FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {eca3ccd6-0f7d-11de-9997-000347bb5186}:1.07
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
    FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q="

    FF - user.js..browser.search.openintab: false

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 10:35:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/26 19:07:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 11:43:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 20:15:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/26 19:07:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions
    [2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/06/30 20:12:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions
    [2010/04/28 14:52:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/07/23 11:53:45 | 000,000,000 | -H-D | M] (Minimap Addon) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
    [2011/06/27 13:53:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/06/27 13:53:37 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    [2011/05/09 10:40:54 | 000,000,000 | -H-D | M] (Vouchers.Im Indicator) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{eca3ccd6-0f7d-11de-9997-000347bb5186}
    [2011/03/21 21:13:03 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\engine@conduit.com
    [2011/06/21 18:55:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\foxyproxy@eric.h.jung
    [2011/03/13 10:10:58 | 000,000,000 | -H-D | M] (Personas) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\personas@christopher.beard
    [2011/06/30 19:25:28 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\toolbar@alot.com
    [2011/06/22 14:40:23 | 000,002,093 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search-1.xml
    [2009/08/11 14:34:24 | 000,002,101 | -H-- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search.xml
    [2011/06/27 11:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/19 12:10:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/05/07 19:17:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/06 12:42:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/07 18:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/06 17:46:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/07 10:21:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
    [2010/04/07 09:44:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/07/03 17:30:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110511113155.dll (McAfee, Inc.)
    O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Ashampoo Core Tuner] D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
    O4 - HKLM..\Run: [Ashampoo HDD Control Guard] D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
    O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
    O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
    O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [OpwareSE4] D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [USB Disk Tool] D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
    O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [BrainBullet] c:\Program Files\BrainBullet\Brain Bullet.exe ()
    O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [GTV GlobalIM] D:\Program Files\Business Dashboard\global.im.exe (GTV Solutions, Inc.)
    O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
    O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [UIWatcher] D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
    O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk = C:\Program Files\BrainBullet\BBStartup.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\quickenw\BILLMIND.EXE (Intuit)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk = D:\Program Files\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\Corel\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk = D:\Program Files\Extensis\Portfolio 8.5\Portfolio Express.exe (Extensis, Inc.)
    O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1009\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: ("C:\PROGRA~1\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPNETWORK3.DLL") - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/06/10 16:01:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/01/17 19:05:20 | 000,000,000 | ---D | M] - W:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    **** END PART 1 ******


    Thanks
    secWEL

  4. #14
    Junior Member
    Join Date
    Jun 2011
    Location
    Old Warden, England
    Posts
    23

    FakeAlert Damage

    ken545

    **** OTL.txt Part 2 *****

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/04 10:26:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
    [2011/07/04 10:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/07/03 22:36:45 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/07/03 20:49:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/07/03 20:11:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
    [2011/07/03 17:03:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/07/03 16:59:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/03 16:59:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/03 16:59:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/03 16:59:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/03 16:46:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/03 16:39:38 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
    [2011/07/02 15:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2011/07/02 15:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Desktop\7-Zip
    [2011/06/24 21:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Security 201106
    [2011/06/23 12:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/06/23 11:57:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
    [2011/06/22 20:04:50 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
    [2011/06/22 20:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/06/22 19:49:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
    [2011/06/21 16:57:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/06/21 16:31:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WEL\Recent
    [2011/06/21 14:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Application Data\McAfee
    [2011/06/19 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
    [2011/06/15 16:54:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
    [2011/06/12 10:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\alot
    [2011/06/10 17:16:07 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
    [2011/06/10 17:16:07 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
    [2011/06/10 15:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
    [2011/06/10 15:56:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverBoost
    [2011/06/06 17:27:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2008/06/30 19:28:28 | 000,053,083 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\USBSNX2K.SYS

    ========== Files - Modified Within 30 Days ==========

    [2011/07/04 10:28:18 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
    [2011/07/04 10:26:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
    [2011/07/04 10:24:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/04 10:24:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/04 10:11:34 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-1003.job
    [2011/07/04 10:11:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-1003.job
    [2011/07/04 10:09:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/04 10:07:08 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-500.job
    [2011/07/04 10:06:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/04 10:06:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/07/03 22:42:04 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/03 22:37:35 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/07/03 20:11:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
    [2011/07/03 17:30:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/03 17:03:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/07/03 16:52:49 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
    [2011/07/03 12:57:19 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
    [2011/06/30 11:49:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-500.job
    [2011/06/30 09:54:59 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
    [2011/06/30 09:49:54 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
    [2011/06/30 09:49:43 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
    [2011/06/30 09:46:33 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
    [2011/06/29 22:13:36 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
    [2011/06/29 15:35:41 | 000,002,053 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2011/06/29 12:54:24 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
    [2011/06/27 20:15:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2011/06/27 15:56:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/27 11:43:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/27 11:43:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/06/27 11:29:39 | 002,539,644 | ---- | M] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
    [2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/06/23 12:02:22 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
    [2011/06/23 11:57:47 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
    [2011/06/22 20:04:57 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
    [2011/06/22 19:57:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/06/22 19:56:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
    [2011/06/22 19:56:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
    [2011/06/22 19:49:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
    [2011/06/21 14:50:38 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
    [2011/06/20 16:23:20 | 000,002,521 | -H-- | M] () -- C:\Documents and Settings\WEL\Desktop\Microsoft Office Outlook 2007.lnk
    [2011/06/19 19:31:12 | 000,073,728 | -H-- | M] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/19 19:03:55 | 000,579,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/16 18:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/06/15 20:24:05 | 000,512,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/15 20:24:05 | 000,097,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/15 20:02:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/15 16:48:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/06/10 17:34:11 | 000,001,687 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2011/06/10 17:18:22 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/06/10 17:18:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/06/10 17:18:17 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

    ========== Files Created - No Company Name ==========

    [2011/07/03 17:11:07 | 000,001,787 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
    [2011/07/03 17:11:07 | 000,001,697 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk
    [2011/07/03 17:11:07 | 000,001,687 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2011/07/03 17:11:06 | 000,001,372 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
    [2011/07/03 17:11:06 | 000,000,812 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    [2011/07/03 17:11:06 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
    [2011/07/03 17:11:06 | 000,000,716 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk
    [2011/07/03 17:11:06 | 000,000,680 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk
    [2011/07/03 17:10:29 | 000,001,803 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Desktop Search.lnk
    [2011/07/03 17:10:29 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2011/07/03 17:10:29 | 000,000,660 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Xtreme Traffic Arbitrage.lnk
    [2011/07/03 17:10:29 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2011/07/03 17:10:29 | 000,000,548 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\XTA Deluxe.lnk
    [2011/07/03 17:10:28 | 000,002,269 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PhotoPlus X3.lnk
    [2011/07/03 17:10:28 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PanoramaPlus 3.lnk
    [2011/07/03 17:10:28 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MoviePlus X5.lnk
    [2011/07/03 17:10:28 | 000,001,840 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PagePlus X4.lnk
    [2011/07/03 17:10:28 | 000,001,836 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif WebPlus X5.lnk
    [2011/07/03 17:10:28 | 000,000,745 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MontagePlus 1.0.lnk
    [2011/07/03 17:10:28 | 000,000,735 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PopArtPlus 1.0.lnk
    [2011/07/03 17:10:27 | 000,002,265 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X3.lnk
    [2011/07/03 17:10:27 | 000,002,263 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif DrawPlus X3.lnk
    [2011/07/03 17:10:27 | 000,001,986 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [2011/07/03 17:10:27 | 000,001,868 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif Digital Scrapbook Artist.lnk
    [2011/07/03 17:10:27 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
    [2011/07/03 17:10:27 | 000,001,852 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus SE PRO.lnk
    [2011/07/03 17:10:27 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X4.lnk
    [2011/07/03 17:10:27 | 000,000,932 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
    [2011/07/03 17:10:27 | 000,000,821 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif ImpactPlus 5.0.lnk
    [2011/07/03 17:10:27 | 000,000,729 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual C# 2008 Express Edition.lnk
    [2011/07/03 17:10:26 | 000,002,453 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Communicator 2007.lnk
    [2011/07/03 17:10:26 | 000,002,209 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
    [2011/07/03 17:10:26 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2011/07/03 17:10:26 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
    [2011/07/03 17:10:26 | 000,001,715 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
    [2011/07/03 17:10:26 | 000,000,696 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
    [2011/07/03 17:10:26 | 000,000,676 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\InstantStorm.lnk
    [2011/07/03 17:10:25 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
    [2011/07/03 17:03:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/07/03 17:03:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/07/03 16:59:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/03 16:59:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/03 16:59:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/03 16:59:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/03 16:59:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/03 12:58:19 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
    [2011/06/30 09:54:59 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
    [2011/06/30 09:49:54 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
    [2011/06/30 09:49:43 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
    [2011/06/30 09:46:32 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
    [2011/06/29 22:13:36 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
    [2011/06/29 12:54:24 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
    [2011/06/27 20:15:46 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
    [2011/06/27 20:15:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2011/06/27 11:43:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/27 11:43:35 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/06/27 11:43:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/06/27 11:29:39 | 002,539,644 | ---- | C] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
    [2011/06/23 12:02:22 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
    [2011/06/22 19:57:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/06/22 19:56:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
    [2011/06/22 19:56:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
    [2011/06/21 16:57:16 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/10 17:16:08 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2011/06/10 17:16:07 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/06/10 16:25:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2011/05/19 12:14:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/05/16 12:23:09 | 000,689,664 | ---- | C] () -- C:\Program Files\MicrosoftFixit50202.msi
    [2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/05/12 15:44:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
    [2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
    [2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
    [2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011/03/25 21:53:21 | 000,293,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/12/17 17:12:34 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
    [2010/10/30 15:12:54 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2010/10/30 15:12:53 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2010/10/10 12:35:11 | 000,137,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/05 21:08:21 | 000,346,012 | ---- | C] () -- C:\WINDOWS\uninstall Fantasy_.exe
    [2010/03/03 20:13:44 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
    [2010/03/03 20:13:41 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
    [2010/03/03 20:13:41 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
    [2010/03/03 20:13:40 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
    [2010/02/13 12:18:56 | 000,000,104 | ---- | C] () -- C:\WINDOWS\Library.ini
    [2009/12/03 17:43:27 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2009/12/03 17:43:27 | 000,001,186 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2009/10/20 12:02:34 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\fusioncache.dat
    [2009/10/07 12:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/09/09 19:02:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/05/18 12:06:02 | 000,008,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2009/03/19 12:18:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/02/13 10:30:08 | 000,112,128 | ---- | C] () -- C:\WINDOWS\PRCENWIN.EXE
    [2009/02/13 10:30:08 | 000,000,292 | ---- | C] () -- C:\WINDOWS\PSIONPRC.INI
    [2009/02/13 10:29:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\Ode.ini
    [2009/02/06 11:19:03 | 000,002,320 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/02/02 12:53:49 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
    [2009/02/02 12:52:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
    [2008/12/17 20:05:47 | 000,100,489 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2008/12/17 20:05:27 | 000,002,644 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/12/08 17:34:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/12/08 17:34:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/12/08 17:34:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/12/08 17:34:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/12/08 17:30:46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\CopyToGo.dat
    [2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
    [2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
    [2008/12/07 11:51:14 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
    [2008/11/14 17:43:39 | 000,302,592 | ---- | C] () -- C:\WINDOWS\mauninst.exe
    [2008/11/14 15:43:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SerifAnimation0.dll
    [2008/11/14 15:43:06 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\SerifVideo0.dll
    [2008/11/14 15:43:06 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\SerifVideoDX0.dll
    [2008/11/14 15:43:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SerifDSFiltEnum0.dll
    [2008/10/08 15:22:05 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\$_hpcst$.hpc
    [2008/10/06 19:41:59 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
    [2008/10/06 19:41:59 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
    [2008/10/06 19:41:58 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
    [2008/07/27 18:37:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
    [2008/07/27 18:37:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
    [2008/07/27 18:36:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2008/07/27 18:34:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\INTUSB.DAT
    [2008/07/27 18:29:42 | 000,002,053 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2008/07/27 18:29:42 | 000,001,000 | ---- | C] () -- C:\WINDOWS\Intuprof.ini
    [2008/07/27 18:29:39 | 000,004,645 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
    [2008/07/21 22:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
    [2008/07/21 22:22:47 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
    [2008/07/21 22:22:47 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
    [2008/07/21 22:22:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
    [2008/07/21 22:22:47 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
    [2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2008/07/09 18:18:10 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2008/07/03 15:26:31 | 000,036,574 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).ADR
    [2008/07/03 15:20:24 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).EML
    [2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\UMSDIH.DLL
    [2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\ReSet.exe
    [2008/06/20 10:57:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
    [2008/06/20 10:55:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2008/06/20 10:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2008/06/14 19:07:32 | 000,073,728 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/12 15:04:18 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/06/12 09:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\meridian.INI
    [2008/06/11 20:32:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2008/06/11 20:31:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2008/06/10 16:51:56 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/06/10 16:50:55 | 000,579,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/06/10 16:03:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/06/10 15:58:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/02/05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2007/02/05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/08/16 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/08/16 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/02/23 18:37:18 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACEncoder.dll
    [2006/02/23 17:37:06 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\dsfVorbisDecoder.dll
    [2006/02/23 17:36:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dsfOggDemux2.dll
    [2006/02/23 17:35:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfOGMDecoder.dll
    [2006/02/23 17:35:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfNativeFLACSource.dll
    [2006/02/23 17:35:40 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACDecoder.dll
    [2006/02/23 17:34:58 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\libFLAC++.dll
    [2006/02/23 17:34:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\libFishSound.dll
    [2006/02/23 17:34:38 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\libOOOggSeek.dll
    [2006/02/23 17:34:26 | 001,108,480 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2006/02/23 17:34:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\libOOogg.dll
    [2006/02/23 17:33:54 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
    [2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 13:00:00 | 000,512,398 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 13:00:00 | 000,097,600 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/11/19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
    [2002/11/19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
    [1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

    ========== LOP Check ==========

    [2010/05/28 19:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
    [2008/11/11 01:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
    [2008/06/14 19:34:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/03/03 21:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celartem
    [2009/10/06 10:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2009/08/25 14:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
    [2008/08/30 20:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2011/06/10 15:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
    [2011/05/12 19:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
    [2011/05/09 19:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2011/03/04 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Engelmann Media
    [2011/03/03 21:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensis
    [2011/02/24 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iBaAgAi08200
    [2011/03/04 10:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
    [2010/03/03 11:33:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
    [2011/03/23 20:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MipKukSoft
    [2011/05/22 20:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2008/07/21 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/06/28 20:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RootsMagic
    [2008/06/20 10:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2011/05/15 15:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2008/12/07 11:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
    [2011/05/08 18:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
    [2010/02/01 15:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
    [2010/09/23 18:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/16 17:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2008/06/12 16:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B9F9E1D5-C790-4BF3-916E-3090346AFDEB}
    [2009/08/29 14:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2009/05/20 10:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
    [2011/06/08 10:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\PDF Software
    [2010/04/02 17:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\111701
    [2009/10/14 14:13:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Ashampoo
    [2008/07/23 15:24:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Canon
    [2009/08/28 14:41:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\ChaosPro
    [2008/10/06 19:43:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\CheckPoint
    [2009/10/12 19:43:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\CoffeeCup Software
    [2010/10/23 17:54:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\DocumentsToGoDesktop
    [2011/05/22 20:26:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\DriverCure
    [2011/03/04 11:02:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Engelmann Media
    [2011/03/03 21:26:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Extensis
    [2009/10/12 15:20:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\FileZilla
    [2010/04/09 15:46:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\InterVideo
    [2008/06/29 15:29:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Konrad Papala
    [2011/03/23 20:59:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Kybtec Software
    [2008/12/08 17:35:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Leadertech
    [2009/10/15 10:03:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\LimeWire
    [2009/10/18 19:07:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2009/10/20 12:02:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\MipKukSoft
    [2008/12/07 17:38:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Moyea
    [2008/06/12 16:59:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\NCode
    [2009/03/04 20:27:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\NetCentrics
    [2008/06/28 12:23:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\NewSoft
    [2011/01/27 16:46:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Notepad++
    [2009/10/12 15:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Nvu
    [2009/08/01 15:14:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\OLYMPUS
    [2009/10/13 16:59:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\OpenOffice.org
    [2010/01/19 15:16:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Pantone
    [2011/05/22 20:26:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\ParetoLogic
    [2011/06/09 10:33:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\PDF Software
    [2009/11/05 15:53:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\PersonalBrain
    [2010/01/30 13:45:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Quo2
    [2010/06/28 20:34:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\RootsMagic
    [2008/06/20 10:53:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\ScanSoft
    [2009/06/30 20:28:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Scooter Software
    [2009/10/09 17:20:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Serif
    [2009/10/15 10:03:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\System Tweaker
    [2011/01/04 18:54:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Thunderbird
    [2011/05/08 18:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Titanium Gears
    [2010/02/01 16:46:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Uniblue
    [2008/07/03 11:09:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Windows Desktop Search
    [2011/07/04 10:28:18 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job

    ========== Purity Check ==========



    < End of report >

    I will send "extras.txt" with next post.

    Thanks
    secWEL

  5. #15
    Junior Member
    Join Date
    Jun 2011
    Location
    Old Warden, England
    Posts
    23

    FakeAlert Damage

    Hello ken545

    Here is "Extras.txt":

    OTL Extras logfile created on: 04/07/2011 10:29:45 - Run 1
    OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.87% Memory free
    3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.65 Gb Total Space | 55.44 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
    Drive D: | 135.22 Gb Total Space | 123.37 Gb Free Space | 91.24% Space Free | Partition Type: NTFS
    Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
    Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
    Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
    Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
    Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
    Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
    Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
    Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
    Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
    Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32

    Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [JESSOPS] -- "D:\Jessops.exe" "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- ()
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
    "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02F953C2-1934-4D5B-A464-BDA1E883894A}" = Serif PopArtPlus 1.0
    "{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.0.9.3 UK Edition
    "{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
    "{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1BC44278-1474-47E0-A5D7-E08C017CF024}" = Getting Things Done Outlook Add-In
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
    "{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
    "{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
    "{30BBE9FD-3D6D-4A32-A1BC-CA5BC8C3C993}" = Serif AlbumPlus X3
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{394958C2-8036-4385-81F5-B63F221D0DD0}" = InterVideo VirtualDrive
    "{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{60A9D3B8-485B-493C-8F2E-FC99177E26A9}_is1" = Clifton StrengthsFinder Screen Saver 1.0
    "{614C466C-EB3C-F9A0-B741-C726A81EAD1A}" = Market Samurai
    "{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    "{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
    "{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.6.2.2
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{7070E859-68A6-4539-A629-58B06CBCACD4}" = Serif MoviePlus X3 Resources
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
    "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
    "{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.0.0)
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (Combo)
    "{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
    "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
    "{9F367848-4A9C-4400-A17C-DCDF5C5537B8}" = Serif ImpactPlus 5.0 Resource CD-ROM
    "{A2996B98-02BD-4779-93CC-E0A9EA52871F}" = Extensis Portfolio 8.5.5
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A415C47C-B1E1-4281-85C7-3E8AE2AAA03A}" = Paragon Hard Disk Manager 8.5 Professional
    "{A69E9A1C-25C7-8B9B-18C0-3BE530BBEE23}" = Xtreme Traffic Arbitrage
    "{A6AA9ABB-B7F8-49D6-9B2B-B7F5B6302D6A}" = Serif AlbumPlus X4
    "{A72F9228-6931-4F89-A698-A94CFC4B312F}" = Kybtec World Clock 4.4.2.1
    "{A8A42A57-2320-464B-9F5D-3F85089C4714}" = Serif MontagePlus 1.0
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Resources
    "{A97C9EA2-8D23-412A-B9B4-146CEABE7A61}" = Serif Premium Template Pack for PagePlus
    "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
    "{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{ACB7D6F2-71A2-44A3-A703-550FA65679D9}" = Guardian PC Security Tools
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{AF6841FE-7A9D-45C1-ACE8-1BE7F2F6A027}" = ArcSoft TotalMedia Extreme
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "{BB8D0355-654B-4B6E-8D38-E61D2BB81EF8}" = SafeNSecure $TRIALSTR$
    "{BBB567E6-73B5-40B1-B46C-9B13DA13A3A5}" = Serif ImpactPlus 5.0
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
    "{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2F6900E-AA65-4200-A62D-E917C6F67107}" = Serif DrawPlus X3 Resources
    "{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}" = Serif Digital Scrapbook Artist
    "{D5B2EBB1-F7D0-4F3E-A549-FEC4EFA81A6A}" = USB Disk Tool
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
    "{E01DFD45-F13A-4F12-AC38-8EEE2163E52E}" = Omron Health Management Software
    "{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
    "{EE070961-CDEB-4C73-BF95-D68B68C6129D}" = Quo v2
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{FD1B2E34-D0B7-4E8C-8CB9-435F545C776C}" = Serif DrawPlus X3
    "{FE8E1858-8E73-4ACD-0001-393419DB8F1B}" = MyTube BigPack 4 HD
    "{FF01F58F-A8B3-E2BD-45EB-E9CF29BC0B38}" = XTA Deluxe
    "1190-3857-8766-9166" = PersonalBrain 5
    "7-Zip" = 7-Zip 9.22beta
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Chess School" = Advanced Chess School
    "alotToolbar" = ALOT Toolbar
    "ArtStudioProEssentials_is1" = ArtStudioProEssentials
    "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
    "Ashampoo Core Tuner_is1" = Ashampoo Core Tuner 1.20
    "Ashampoo HDD Control_is1" = Ashampoo HDD Control 1.11
    "Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3.20
    "Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
    "Ashampoo Magical Snap 2_is1" = Ashampoo Magical Snap 2.40
    "Ashampoo PowerUp 3_is1" = Ashampoo PowerUp 3.23
    "Ashampoo Slideshow Studio 2010_is1" = Ashampoo Slideshow Studio 2010
    "Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
    "Ashampoo UnInstaller 4_is1" = Ashampoo UnInstaller 4.04
    "Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced
    "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
    "Belarc Advisor" = Belarc Advisor 8.2
    "Bibble Pro" = Bibble Pro
    "Brain Bullet 2.0" = Brain Bullet 2.0
    "BT Broadband Desktop Help" = BT Broadband Desktop Help
    "BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
    "BT Home Hub" = BT Home Hub
    "BT Wireless Connection Manager" = BT Wireless Connection Manager
    "BT Yahoo! Applications" = BT Yahoo! Applications
    "Business Dashboard 2.5" = Business Dashboard 2.5
    "Canon iP6700D User Registration" = Canon iP6700D User Registration
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
    "CD Data Rescue_is1" = CD Data Rescue 2.6
    "ChaosPro 3.3" = ChaosPro 3.3
    "CoffeeCup HTML Editor" = CoffeeCup HTML Editor
    "com.adobe.example.love.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = Xtreme Traffic Arbitrage
    "com.adobe.example.lovee.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = XTA Deluxe
    "DAO 3.5" = DAO 3.5
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DTGDesktop" = Documents To Go Desktop for iPhone
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
    "Easy-WebPrint" = Easy-WebPrint
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ERUNT_is1" = ERUNT 1.1j
    "Fantasy Universe Screensaver" = Fantasy Universe Screensaver
    "FileZilla Client" = FileZilla Client 3.2.8.1
    "GanttProject" = GanttProject
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GraphicView 32" = GraphicView 32
    "Hardware Helper_is1" = Hardware Helper
    "Harry's Filters_is1" = Harry's Filters 3.01
    "huey_is1" = hueyPRO 1.5.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
    "InstallShield_{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
    "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "InstantStorm_is1" = InstantStorm 1.5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "McAfee Virtual Technician" = McAfee Virtual Technician
    "MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
    "Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
    "Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
    "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
    "MSC" = BT NetProtect Plus
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
    "MyAshampoo Toolbar" = MyAshampoo Toolbar
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Nvu_is1" = Nvu 1.0PR
    "PCI Audio Driver" = PCI Audio Driver
    "PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
    "PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
    "PROPLUSR" = Microsoft Office Professional Plus 2007
    "Quicken Deluxe 2000" = Quicken Deluxe 2000
    "RealPlayer 12.0" = RealPlayer
    "SafeNSecure Password Manager" = SafeNSecure Password Manager
    "ShareScope Gold" = ShareScope Gold
    "ST6UNST #1" = uolmsDiag install
    "Success Manager Pro_is1" = Success Manager Pro
    "Taskimizer_is1" = Taskimizer
    "The Action Machine_is1" = The Action Machine
    "VB Decompiler Lite_is1" = VB Decompiler Lite
    "VertusFluidMaskLite" = Vertus Fluid Mask Lite 1.0.2
    "Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Web Wipe" = Web Wipe
    "WebPost" = Microsoft Web Publishing Wizard 1.53
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinMerge_is1" = WinMerge 2.12.4
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BeyondCompare3_is1" = Beyond Compare Version 3.1.4
    "GoToMeeting" = GoToMeeting 4.5.0.457

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/07/2011 04:26:15 | Computer Name = AMD2-3A4FB6A446 | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 04/07/2011 05:16:58 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1000
    Description = Faulting application McSvHost.exe, version 1.5.109.0, faulting module
    HWAPI.dll, version 11.5.109.0, fault address 0x0001a0f5.

    Error - 04/07/2011 05:17:15 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1001
    Description = Fault bucket 1965432135.

    [ OSession Events ]
    Error - 01/04/2010 15:22:00 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39566
    seconds with 7080 seconds of active time. This session ended with a crash.

    Error - 27/08/2010 06:50:42 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 419
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 13/10/2010 06:40:02 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 02/11/2010 14:11:50 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24780
    seconds with 2040 seconds of active time. This session ended with a crash.

    Error - 16/11/2010 13:54:17 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29426
    seconds with 4620 seconds of active time. This session ended with a crash.

    Error - 23/02/2011 13:20:47 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1155
    seconds with 1020 seconds of active time. This session ended with a crash.

    Error - 04/03/2011 17:10:39 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 36226
    seconds with 1980 seconds of active time. This session ended with a crash.

    Error - 06/05/2011 12:07:35 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 387
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 19/06/2011 11:46:12 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3300
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 01/07/2011 16:12:28 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 40201
    seconds with 3060 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 04/07/2011 05:04:07 | Computer Name = AMD2-3A4FB6A446 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2

    Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
    Description = The Automatic LiveUpdate Scheduler service failed to start due to
    the following error: %%2

    Error - 04/07/2011 05:08:01 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    archlp

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7034
    Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Personal Firewall Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Services service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Network Agent service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Proxy Service service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.


    < End of report >

    Thanks
    secWEL

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    The alerts and errors you're getting are related to McAfee; you may want to uninstall that program and reinstall it.

    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
      IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
      FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
      FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q="
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
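
The fix script in the post above resets three `ProxyServer` values that all point at 127.0.0.1:50808. As an added example (not part of the original post and not OTL's own code), the Python below picks such loopback proxy entries out of OTL-style `IE -` log lines and names the account each hive belongs to; the line format handling and the sample lines marked as constructed are assumptions made for this example.

```python
import ipaddress
import re

# OTL prints Internet Explorer settings as:  IE - <registry key>: "<value>" = <data>
IE_LINE = re.compile(r'^\s*IE - (?P<key>.+?): "(?P<name>[^"]+)" = (?P<data>.*)$')

# Well-known entries under HKEY_USERS (HKU\.DEFAULT is an alias of the S-1-5-18 hive).
WELL_KNOWN_HIVES = {
    ".DEFAULT": "LocalSystem (.DEFAULT alias)",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}

# The first three IE lines and the FF line are copied from the fix script in the
# thread; the two HKCU lines are constructed for this example.
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.internal:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
'''


def account_for_key(key):
    """Name the account that owns a registry key, based on its HKU sub-hive."""
    parts = key.split("\\")
    if parts[0] in ("HKU", "HKEY_USERS") and len(parts) > 1:
        sid = parts[1]
        if sid in WELL_KNOWN_HIVES:
            return WELL_KNOWN_HIVES[sid]
        if sid.startswith("S-1-5-21-"):
            return "user account " + sid
    return parts[0]


def parse_proxy_server(data):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles a single "host:port" for all protocols (scheme "*") and the
    per-protocol form "http=host:port;https=host:port".
    """
    entries = []
    for part in data.strip().strip('"').split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                      # no "scheme=" prefix: applies to all protocols
            scheme, target = "*", part
        target = target.split("://", 1)[-1]
        host, _, port = target.rpartition(":")
        if not host:                     # no port given
            host, port = target, ""
        entries.append((scheme.lower(), host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a DNS name other than localhost
        return False


def find_loopback_proxies(log_text):
    """Return one finding per ProxyServer entry that points at the local machine."""
    findings = []
    for line in log_text.splitlines():
        match = IE_LINE.match(line)
        if not match or match.group("name") != "ProxyServer":
            continue
        for scheme, host, port in parse_proxy_server(match.group("data")):
            if is_loopback(host):
                findings.append({
                    "account": account_for_key(match.group("key")),
                    "scheme": scheme,
                    "host": host,
                    "port": port,
                })
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_LOG):
        print("{account}: {scheme} traffic proxied to {host}:{port}".format(**finding))
```
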

  7. #17
    Junior Member
    Join Date
    Jun 2011
    Location
    Old Warden, England
    Posts
    23

    FakeAlert Damage

    Hi ken545

    Reports:

    First OTL report using your code:
    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Prefs.js: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q=" removed from keyword.URL
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
    C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : home
    IP Address. . . . . . . . . . . . : 192.168.1.64
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.254
    C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Could not flush the DNS Resolver Cache: Function failed during execution.
    C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.AMD2-3A4FB6A446
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.AMD2-3A4FB6A446.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 49152 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: WEL
    ->Temp folder emptied: 2212624 bytes
    ->Temporary Internet Files folder emptied: 2710856 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 37991656 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 810 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 108728235 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 145.00 mb


    OTL by OldTimer - Version 3.2.25.0 log created on 07042011_143807

    Files\Folders moved on Reboot...
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_edc.dat moved successfully.
    C:\Documents and Settings\WEL\Local Settings\Temp\WCESLog.log moved successfully.

    Registry entries deleted on Reboot...

    The reports from the scan will be in the next two posts.


    Thanks secWEL

  8. #18
    Junior Member
    Join Date
    Jun 2011
    Location
    Old Warden, England
    Posts
    23

    FakeAlert Damage

    Hello again

    The OTL.txt file:

    OTL logfile created on: 04/07/2011 14:52:43 - Run 2
    OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.60% Memory free
    3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.05% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.65 Gb Total Space | 55.45 Gb Free Space | 56.78% Space Free | Partition Type: NTFS
    Drive D: | 135.22 Gb Total Space | 123.36 Gb Free Space | 91.23% Space Free | Partition Type: NTFS
    Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
    Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
    Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
    Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
    Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
    Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
    Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
    Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
    Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
    Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32

    Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - c:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
    PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
    PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe (Alcatel-Lucent)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
    PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe ()
    PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
    PRC - D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
    PRC - D:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
    PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    PRC - D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
    PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
    PRC - C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
    MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
    MOD - D:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)


    ========== Win32 Services (SafeList) ==========

    SRV - (LiveUpdate) -- File not found
    SRV - (LiveUpdate Notice Ex) -- File not found
    SRV - (Automatic LiveUpdate Scheduler) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (UMVPFSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
    SRV - (AntiSpy Server) -- D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
    SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
    SRV - (EpsonBidirectionalService) -- C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
    DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (iviVD) -- C:\WINDOWS\system32\DRIVERS\iviVD.sys (InterVideo)
    DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
    DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
    DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
    DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
    DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech Inc.)
    DRV - (LUsbKbd) -- C:\WINDOWS\system32\drivers\LUsbKbd.sys (Logitech Inc.)
    DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
    DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (USBSNXSTOR) -- C:\WINDOWS\system32\drivers\USBSNX2K.SYS ( )
    DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
    FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.3.0
    FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
    FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {eca3ccd6-0f7d-11de-9997-000347bb5186}:1.07
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

    FF - user.js..browser.search.openintab: false

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 10:35:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/26 19:07:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 11:43:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 20:15:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/26 19:07:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions
    [2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/06/30 20:12:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions
    [2010/04/28 14:52:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/07/23 11:53:45 | 000,000,000 | -H-D | M] (Minimap Addon) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
    [2011/06/27 13:53:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/06/27 13:53:37 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    [2011/05/09 10:40:54 | 000,000,000 | -H-D | M] (Vouchers.Im Indicator) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{eca3ccd6-0f7d-11de-9997-000347bb5186}
    [2011/03/21 21:13:03 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\engine@conduit.com
    [2011/06/21 18:55:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\foxyproxy@eric.h.jung
    [2011/03/13 10:10:58 | 000,000,000 | -H-D | M] (Personas) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\personas@christopher.beard
    [2011/06/30 19:25:28 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\toolbar@alot.com
    [2011/06/22 14:40:23 | 000,002,093 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search-1.xml
    [2009/08/11 14:34:24 | 000,002,101 | -H-- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search.xml
    [2011/06/27 11:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/19 12:10:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/05/07 19:17:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/06 12:42:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/07 18:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/06 17:46:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/07 10:21:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
    [2010/04/07 09:44:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/07/04 14:38:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110511113155.dll (McAfee, Inc.)
    O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [Ashampoo Core Tuner] D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
    O4 - HKLM..\Run: [Ashampoo HDD Control Guard] D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
    O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
    O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
    O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [OpwareSE4] D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [USB Disk Tool] D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
    O4 - HKCU..\Run: [BrainBullet] c:\Program Files\BrainBullet\Brain Bullet.exe ()
    O4 - HKCU..\Run: [GTV GlobalIM] D:\Program Files\Business Dashboard\global.im.exe (GTV Solutions, Inc.)
    O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
    O4 - HKCU..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKCU..\Run: [UIWatcher] D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk = C:\Program Files\BrainBullet\BBStartup.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\quickenw\BILLMIND.EXE (Intuit)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe (SEIKO EPSON CORPORATION)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk = D:\Program Files\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\Corel\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk = D:\Program Files\Extensis\Portfolio 8.5\Portfolio Express.exe (Extensis, Inc.)
    O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: ("C:\PROGRA~1\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPNETWORK3.DLL") - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/06/10 16:01:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/01/17 19:05:20 | 000,000,000 | ---D | M] - W:\autorun -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/04 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/07/04 14:07:54 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/07/04 10:26:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
    [2011/07/03 22:36:45 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/07/03 20:49:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/07/03 20:11:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
    [2011/07/03 17:03:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/07/03 16:59:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/07/03 16:59:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/07/03 16:59:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/07/03 16:59:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/07/03 16:46:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/03 16:39:38 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
    [2011/07/02 15:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2011/07/02 15:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Desktop\7-Zip
    [2011/06/24 21:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Security 201106
    [2011/06/23 12:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/06/23 11:57:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
    [2011/06/22 20:04:50 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
    [2011/06/22 20:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/06/22 19:49:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
    [2011/06/21 16:57:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/06/21 16:31:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WEL\Recent
    [2011/06/21 14:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Application Data\McAfee
    [2011/06/19 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
    [2011/06/15 16:54:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
    [2011/06/12 10:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\alot
    [2011/06/10 17:16:07 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
    [2011/06/10 17:16:07 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
    [2011/06/10 15:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
    [2011/06/10 15:56:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverBoost
    [2011/06/06 17:27:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2008/06/30 19:28:28 | 000,053,083 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\USBSNX2K.SYS

    ========== Files - Modified Within 30 Days ==========

    [2011/07/04 14:48:53 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-1003.job
    [2011/07/04 14:48:39 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
    [2011/07/04 14:48:09 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-1003.job
    [2011/07/04 14:48:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/04 14:43:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/04 14:43:38 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-500.job
    [2011/07/04 14:43:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/04 14:43:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/07/04 14:38:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/07/04 14:24:31 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/04 13:54:37 | 000,002,521 | -H-- | M] () -- C:\Documents and Settings\WEL\Desktop\Microsoft Office Outlook 2007.lnk
    [2011/07/04 12:11:15 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to EXCEL.EXE.lnk
    [2011/07/04 10:26:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
    [2011/07/03 22:42:04 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/03 22:37:35 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/07/03 20:11:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
    [2011/07/03 17:03:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/07/03 16:52:49 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
    [2011/07/03 12:57:19 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
    [2011/06/30 11:49:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-500.job
    [2011/06/30 09:54:59 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
    [2011/06/30 09:49:54 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
    [2011/06/30 09:49:43 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
    [2011/06/30 09:46:33 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
    [2011/06/29 22:13:36 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
    [2011/06/29 15:35:41 | 000,002,053 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2011/06/29 12:54:24 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
    [2011/06/27 20:15:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2011/06/27 15:56:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/06/27 11:43:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/27 11:43:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/06/27 11:29:39 | 002,539,644 | ---- | M] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
    [2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/06/23 12:02:22 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
    [2011/06/23 11:57:47 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
    [2011/06/22 20:04:57 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
    [2011/06/22 19:57:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/06/22 19:56:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
    [2011/06/22 19:56:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
    [2011/06/22 19:49:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
    [2011/06/21 14:50:38 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
    [2011/06/19 19:31:12 | 000,073,728 | -H-- | M] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/19 19:03:55 | 000,579,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/06/16 18:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/06/15 20:24:05 | 000,512,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/15 20:24:05 | 000,097,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/15 20:02:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/15 16:48:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/06/10 17:34:11 | 000,001,687 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2011/06/10 17:18:22 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/06/10 17:18:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/06/10 17:18:17 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

    ========== Files Created - No Company Name ==========

    [2011/07/04 12:11:15 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to EXCEL.EXE.lnk
    [2011/07/03 17:11:07 | 000,001,787 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
    [2011/07/03 17:11:07 | 000,001,697 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk
    [2011/07/03 17:11:07 | 000,001,687 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    [2011/07/03 17:11:06 | 000,001,372 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
    [2011/07/03 17:11:06 | 000,000,812 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    [2011/07/03 17:11:06 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
    [2011/07/03 17:11:06 | 000,000,716 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk
    [2011/07/03 17:11:06 | 000,000,680 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk
    [2011/07/03 17:10:29 | 000,001,803 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Desktop Search.lnk
    [2011/07/03 17:10:29 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2011/07/03 17:10:29 | 000,000,660 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Xtreme Traffic Arbitrage.lnk
    [2011/07/03 17:10:29 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2011/07/03 17:10:29 | 000,000,548 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\XTA Deluxe.lnk
    [2011/07/03 17:10:28 | 000,002,269 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PhotoPlus X3.lnk
    [2011/07/03 17:10:28 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PanoramaPlus 3.lnk
    [2011/07/03 17:10:28 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MoviePlus X5.lnk
    [2011/07/03 17:10:28 | 000,001,840 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PagePlus X4.lnk
    [2011/07/03 17:10:28 | 000,001,836 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif WebPlus X5.lnk
    [2011/07/03 17:10:28 | 000,000,745 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MontagePlus 1.0.lnk
    [2011/07/03 17:10:28 | 000,000,735 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PopArtPlus 1.0.lnk
    [2011/07/03 17:10:27 | 000,002,265 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X3.lnk
    [2011/07/03 17:10:27 | 000,002,263 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif DrawPlus X3.lnk
    [2011/07/03 17:10:27 | 000,001,986 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [2011/07/03 17:10:27 | 000,001,868 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif Digital Scrapbook Artist.lnk
    [2011/07/03 17:10:27 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
    [2011/07/03 17:10:27 | 000,001,852 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus SE PRO.lnk
    [2011/07/03 17:10:27 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X4.lnk
    [2011/07/03 17:10:27 | 000,000,932 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
    [2011/07/03 17:10:27 | 000,000,821 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif ImpactPlus 5.0.lnk
    [2011/07/03 17:10:27 | 000,000,729 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual C# 2008 Express Edition.lnk
    [2011/07/03 17:10:26 | 000,002,453 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Communicator 2007.lnk
    [2011/07/03 17:10:26 | 000,002,209 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
    [2011/07/03 17:10:26 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2011/07/03 17:10:26 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
    [2011/07/03 17:10:26 | 000,001,715 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
    [2011/07/03 17:10:26 | 000,000,696 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
    [2011/07/03 17:10:26 | 000,000,676 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\InstantStorm.lnk
    [2011/07/03 17:10:25 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
    [2011/07/03 17:03:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/07/03 17:03:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/07/03 16:59:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/07/03 16:59:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/07/03 16:59:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/07/03 16:59:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/07/03 16:59:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/07/03 12:58:19 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
    [2011/06/30 09:54:59 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
    [2011/06/30 09:49:54 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
    [2011/06/30 09:49:43 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
    [2011/06/30 09:46:32 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
    [2011/06/29 22:13:36 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
    [2011/06/29 12:54:24 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
    [2011/06/27 20:15:46 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
    [2011/06/27 20:15:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2011/06/27 11:43:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/06/27 11:43:35 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/06/27 11:43:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/06/27 11:29:39 | 002,539,644 | ---- | C] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
    [2011/06/23 12:02:22 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
    [2011/06/22 19:57:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/06/22 19:56:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
    [2011/06/22 19:56:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
    [2011/06/21 16:57:16 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/06/10 17:16:08 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2011/06/10 17:16:07 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/06/10 16:25:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2011/05/19 12:14:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/05/16 12:23:09 | 000,689,664 | ---- | C] () -- C:\Program Files\MicrosoftFixit50202.msi
    [2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/05/12 15:44:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
    [2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
    [2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
    [2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011/03/25 21:53:21 | 000,293,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/12/17 17:12:34 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
    [2010/10/30 15:12:54 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2010/10/30 15:12:53 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2010/10/10 12:35:11 | 000,137,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/05 21:08:21 | 000,346,012 | ---- | C] () -- C:\WINDOWS\uninstall Fantasy_.exe
    [2010/03/03 20:13:44 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
    [2010/03/03 20:13:41 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
    [2010/03/03 20:13:41 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
    [2010/03/03 20:13:40 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
    [2010/02/13 12:18:56 | 000,000,104 | ---- | C] () -- C:\WINDOWS\Library.ini
    [2009/12/03 17:43:27 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
    [2009/12/03 17:43:27 | 000,001,186 | ---- | C] () -- C:\WINDOWS\unins000.dat
    [2009/10/20 12:02:34 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\fusioncache.dat
    [2009/10/07 12:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/09/09 19:02:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/05/18 12:06:02 | 000,008,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2009/03/19 12:18:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/02/13 10:30:08 | 000,112,128 | ---- | C] () -- C:\WINDOWS\PRCENWIN.EXE
    [2009/02/13 10:30:08 | 000,000,292 | ---- | C] () -- C:\WINDOWS\PSIONPRC.INI
    [2009/02/13 10:29:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\Ode.ini
    [2009/02/06 11:19:03 | 000,002,320 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/02/02 12:53:49 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
    [2009/02/02 12:52:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
    [2008/12/17 20:05:47 | 000,100,489 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
    [2008/12/17 20:05:27 | 000,002,644 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2008/12/08 17:34:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/12/08 17:34:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/12/08 17:34:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/12/08 17:34:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/12/08 17:30:46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\CopyToGo.dat
    [2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
    [2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
    [2008/12/07 11:51:14 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
    [2008/11/14 17:43:39 | 000,302,592 | ---- | C] () -- C:\WINDOWS\mauninst.exe
    [2008/11/14 15:43:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SerifAnimation0.dll
    [2008/11/14 15:43:06 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\SerifVideo0.dll
    [2008/11/14 15:43:06 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\SerifVideoDX0.dll
    [2008/11/14 15:43:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SerifDSFiltEnum0.dll
    [2008/10/08 15:22:05 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\$_hpcst$.hpc
    [2008/10/06 19:41:59 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
    [2008/10/06 19:41:59 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
    [2008/10/06 19:41:58 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
    [2008/07/27 18:37:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
    [2008/07/27 18:37:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
    [2008/07/27 18:36:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2008/07/27 18:34:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\INTUSB.DAT
    [2008/07/27 18:29:42 | 000,002,053 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2008/07/27 18:29:42 | 000,001,000 | ---- | C] () -- C:\WINDOWS\Intuprof.ini
    [2008/07/27 18:29:39 | 000,004,645 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
    [2008/07/21 22:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
    [2008/07/21 22:22:47 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
    [2008/07/21 22:22:47 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
    [2008/07/21 22:22:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
    [2008/07/21 22:22:47 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
    [2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2008/07/09 18:18:10 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
    [2008/07/03 15:26:31 | 000,036,574 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).ADR
    [2008/07/03 15:20:24 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).EML
    [2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\UMSDIH.DLL
    [2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\ReSet.exe
    [2008/06/20 10:57:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
    [2008/06/20 10:55:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2008/06/20 10:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2008/06/14 19:07:32 | 000,073,728 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/12 15:04:18 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/06/12 09:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\meridian.INI
    [2008/06/11 20:32:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2008/06/11 20:31:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2008/06/10 16:51:56 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/06/10 16:50:55 | 000,579,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/06/10 16:03:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/06/10 15:58:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/02/05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2007/02/05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/08/16 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/08/16 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/02/23 18:37:18 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACEncoder.dll
    [2006/02/23 17:37:06 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\dsfVorbisDecoder.dll
    [2006/02/23 17:36:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dsfOggDemux2.dll
    [2006/02/23 17:35:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfOGMDecoder.dll
    [2006/02/23 17:35:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfNativeFLACSource.dll
    [2006/02/23 17:35:40 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACDecoder.dll
    [2006/02/23 17:34:58 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\libFLAC++.dll
    [2006/02/23 17:34:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\libFishSound.dll
    [2006/02/23 17:34:38 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\libOOOggSeek.dll
    [2006/02/23 17:34:26 | 001,108,480 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2006/02/23 17:34:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\libOOogg.dll
    [2006/02/23 17:33:54 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
    [2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 13:00:00 | 000,512,398 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 13:00:00 | 000,097,600 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2002/11/19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
    [2002/11/19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
    [1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

    < End of report >

    I will send the other file in the next post.

    Regards
    secWEL

  9. #19
    Junior Member
    Join Date
    Jun 2011
    Location
    Old Warden, England
    Posts
    23

    FakeAlert Damage

    Hi

    The OTL Extras file:

    OTL Extras logfile created on: 04/07/2011 10:29:45 - Run 1
    OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.87% Memory free
    3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.65 Gb Total Space | 55.44 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
    Drive D: | 135.22 Gb Total Space | 123.37 Gb Free Space | 91.24% Space Free | Partition Type: NTFS
    Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
    Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
    Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
    Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
    Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
    Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
    Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
    Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
    Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
    Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32

    Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [JESSOPS] -- "D:\Jessops.exe" "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- ()
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
    "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02F953C2-1934-4D5B-A464-BDA1E883894A}" = Serif PopArtPlus 1.0
    "{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.0.9.3 UK Edition
    "{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
    "{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1BC44278-1474-47E0-A5D7-E08C017CF024}" = Getting Things Done Outlook Add-In
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
    "{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
    "{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
    "{30BBE9FD-3D6D-4A32-A1BC-CA5BC8C3C993}" = Serif AlbumPlus X3
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{394958C2-8036-4385-81F5-B63F221D0DD0}" = InterVideo VirtualDrive
    "{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{60A9D3B8-485B-493C-8F2E-FC99177E26A9}_is1" = Clifton StrengthsFinder Screen Saver 1.0
    "{614C466C-EB3C-F9A0-B741-C726A81EAD1A}" = Market Samurai
    "{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    "{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
    "{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.6.2.2
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{7070E859-68A6-4539-A629-58B06CBCACD4}" = Serif MoviePlus X3 Resources
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
    "{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
    "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
    "{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.0.0)
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (Combo)
    "{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
    "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
    "{9F367848-4A9C-4400-A17C-DCDF5C5537B8}" = Serif ImpactPlus 5.0 Resource CD-ROM
    "{A2996B98-02BD-4779-93CC-E0A9EA52871F}" = Extensis Portfolio 8.5.5
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A415C47C-B1E1-4281-85C7-3E8AE2AAA03A}" = Paragon Hard Disk Manager 8.5 Professional
    "{A69E9A1C-25C7-8B9B-18C0-3BE530BBEE23}" = Xtreme Traffic Arbitrage
    "{A6AA9ABB-B7F8-49D6-9B2B-B7F5B6302D6A}" = Serif AlbumPlus X4
    "{A72F9228-6931-4F89-A698-A94CFC4B312F}" = Kybtec World Clock 4.4.2.1
    "{A8A42A57-2320-464B-9F5D-3F85089C4714}" = Serif MontagePlus 1.0
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Resources
    "{A97C9EA2-8D23-412A-B9B4-146CEABE7A61}" = Serif Premium Template Pack for PagePlus
    "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
    "{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{ACB7D6F2-71A2-44A3-A703-550FA65679D9}" = Guardian PC Security Tools
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{AF6841FE-7A9D-45C1-ACE8-1BE7F2F6A027}" = ArcSoft TotalMedia Extreme
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "{BB8D0355-654B-4B6E-8D38-E61D2BB81EF8}" = SafeNSecure $TRIALSTR$
    "{BBB567E6-73B5-40B1-B46C-9B13DA13A3A5}" = Serif ImpactPlus 5.0
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
    "{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2F6900E-AA65-4200-A62D-E917C6F67107}" = Serif DrawPlus X3 Resources
    "{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}" = Serif Digital Scrapbook Artist
    "{D5B2EBB1-F7D0-4F3E-A549-FEC4EFA81A6A}" = USB Disk Tool
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
    "{E01DFD45-F13A-4F12-AC38-8EEE2163E52E}" = Omron Health Management Software
    "{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
    "{EE070961-CDEB-4C73-BF95-D68B68C6129D}" = Quo v2
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{FD1B2E34-D0B7-4E8C-8CB9-435F545C776C}" = Serif DrawPlus X3
    "{FE8E1858-8E73-4ACD-0001-393419DB8F1B}" = MyTube BigPack 4 HD
    "{FF01F58F-A8B3-E2BD-45EB-E9CF29BC0B38}" = XTA Deluxe
    "1190-3857-8766-9166" = PersonalBrain 5
    "7-Zip" = 7-Zip 9.22beta
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Chess School" = Advanced Chess School
    "alotToolbar" = ALOT Toolbar
    "ArtStudioProEssentials_is1" = ArtStudioProEssentials
    "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
    "Ashampoo Core Tuner_is1" = Ashampoo Core Tuner 1.20
    "Ashampoo HDD Control_is1" = Ashampoo HDD Control 1.11
    "Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3.20
    "Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
    "Ashampoo Magical Snap 2_is1" = Ashampoo Magical Snap 2.40
    "Ashampoo PowerUp 3_is1" = Ashampoo PowerUp 3.23
    "Ashampoo Slideshow Studio 2010_is1" = Ashampoo Slideshow Studio 2010
    "Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
    "Ashampoo UnInstaller 4_is1" = Ashampoo UnInstaller 4.04
    "Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced
    "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
    "Belarc Advisor" = Belarc Advisor 8.2
    "Bibble Pro" = Bibble Pro
    "Brain Bullet 2.0" = Brain Bullet 2.0
    "BT Broadband Desktop Help" = BT Broadband Desktop Help
    "BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
    "BT Home Hub" = BT Home Hub
    "BT Wireless Connection Manager" = BT Wireless Connection Manager
    "BT Yahoo! Applications" = BT Yahoo! Applications
    "Business Dashboard 2.5" = Business Dashboard 2.5
    "Canon iP6700D User Registration" = Canon iP6700D User Registration
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
    "CD Data Rescue_is1" = CD Data Rescue 2.6
    "ChaosPro 3.3" = ChaosPro 3.3
    "CoffeeCup HTML Editor" = CoffeeCup HTML Editor
    "com.adobe.example.love.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = Xtreme Traffic Arbitrage
    "com.adobe.example.lovee.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = XTA Deluxe
    "DAO 3.5" = DAO 3.5
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DTGDesktop" = Documents To Go Desktop for iPhone
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
    "Easy-WebPrint" = Easy-WebPrint
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ERUNT_is1" = ERUNT 1.1j
    "Fantasy Universe Screensaver" = Fantasy Universe Screensaver
    "FileZilla Client" = FileZilla Client 3.2.8.1
    "GanttProject" = GanttProject
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GraphicView 32" = GraphicView 32
    "Hardware Helper_is1" = Hardware Helper
    "Harry's Filters_is1" = Harry's Filters 3.01
    "huey_is1" = hueyPRO 1.5.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
    "InstallShield_{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
    "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
    "InstantStorm_is1" = InstantStorm 1.5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "McAfee Virtual Technician" = McAfee Virtual Technician
    "MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
    "Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
    "Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
    "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
    "MSC" = BT NetProtect Plus
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
    "MyAshampoo Toolbar" = MyAshampoo Toolbar
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Nvu_is1" = Nvu 1.0PR
    "PCI Audio Driver" = PCI Audio Driver
    "PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
    "PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
    "PROPLUSR" = Microsoft Office Professional Plus 2007
    "Quicken Deluxe 2000" = Quicken Deluxe 2000
    "RealPlayer 12.0" = RealPlayer
    "SafeNSecure Password Manager" = SafeNSecure Password Manager
    "ShareScope Gold" = ShareScope Gold
    "ST6UNST #1" = uolmsDiag install
    "Success Manager Pro_is1" = Success Manager Pro
    "Taskimizer_is1" = Taskimizer
    "The Action Machine_is1" = The Action Machine
    "VB Decompiler Lite_is1" = VB Decompiler Lite
    "VertusFluidMaskLite" = Vertus Fluid Mask Lite 1.0.2
    "Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Web Wipe" = Web Wipe
    "WebPost" = Microsoft Web Publishing Wizard 1.53
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinMerge_is1" = WinMerge 2.12.4
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BeyondCompare3_is1" = Beyond Compare Version 3.1.4
    "GoToMeeting" = GoToMeeting 4.5.0.457

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/07/2011 04:26:15 | Computer Name = AMD2-3A4FB6A446 | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

    Error - 04/07/2011 05:16:58 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1000
    Description = Faulting application McSvHost.exe, version 1.5.109.0, faulting module
    HWAPI.dll, version 11.5.109.0, fault address 0x0001a0f5.

    Error - 04/07/2011 05:17:15 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1001
    Description = Fault bucket 1965432135.

    [ OSession Events ]
    Error - 01/04/2010 15:22:00 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39566
    seconds with 7080 seconds of active time. This session ended with a crash.

    Error - 27/08/2010 06:50:42 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 419
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 13/10/2010 06:40:02 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 02/11/2010 14:11:50 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24780
    seconds with 2040 seconds of active time. This session ended with a crash.

    Error - 16/11/2010 13:54:17 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29426
    seconds with 4620 seconds of active time. This session ended with a crash.

    Error - 23/02/2011 13:20:47 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1155
    seconds with 1020 seconds of active time. This session ended with a crash.

    Error - 04/03/2011 17:10:39 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 36226
    seconds with 1980 seconds of active time. This session ended with a crash.

    Error - 06/05/2011 12:07:35 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 387
    seconds with 240 seconds of active time. This session ended with a crash.

    Error - 19/06/2011 11:46:12 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3300
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 01/07/2011 16:12:28 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 40201
    seconds with 3060 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 04/07/2011 05:04:07 | Computer Name = AMD2-3A4FB6A446 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
    Description = The Aspi32 service failed to start due to the following error: %%2

    Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
    Description = The Automatic LiveUpdate Scheduler service failed to start due to
    the following error: %%2

    Error - 04/07/2011 05:08:01 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    archlp

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7034
    Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Personal Firewall Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Services service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Network Agent service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Proxy Service service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.


    < End of report >

    I will reload McAfee and delete the Ashampoo toolbar; I do not know who Conduit are.

    Question: Do you ever sleep? Your replies come so quickly that I suspect you're always awake.

    Many thanks
    secWEL

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
      
      
      :Services
      nlwkxq
      
      :Reg
      
      :Files
      c:\windows\system32\drivers\oxrsavq.sys 
      c:\program files\alot
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
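
Added example (not part of any post in this thread, and not OTL's own code): a short Python triage of the `[ System Events ]` section of an OTL log like the one above, grouping Service Control Manager events 7031/7034 by timestamp so that several services stopping in the same second stand out. The sample lines, computer name and service names are constructed, and the day/month date order is assumed from this log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the "[ System Events ]" section (not real log data).
SAMPLE = """\
Error - 04/07/2011 05:07:29 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description = The ExampleUpdater service failed to start due to the following error: %%2

Error - 04/07/2011 05:17:33 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7034
Description = The Example Advisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 04/07/2011 05:17:33 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7031
Description = The Example Firewall Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/07/2011 05:17:33 | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7031
Description = The Example Scanner service terminated unexpectedly. It has done
this 1 time(s).
"""

HEADER = re.compile(r"^\w+ - (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = .*? "
                    r"\| Source = (.*?) \| ID = (\d+)$")
TERMINATED = re.compile(r"^The (.+) service terminated unexpectedly")
CRASH_IDS = {7031, 7034}  # Service Control Manager: service terminated unexpectedly

def parse_events(text):
    """Turn header + wrapped 'Description =' lines into one dict per event."""
    events = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            events.append({"time": datetime.strptime(m[1], "%d/%m/%Y %H:%M:%S"),
                           "source": m[2], "id": int(m[3]), "description": ""})
        elif line.startswith("Description = ") and events:
            events[-1]["description"] = line[len("Description = "):]
        elif line and events and line[0] not in "<[":  # wrapped text, not a section marker
            events[-1]["description"] += " " + line
    return events

def termination_bursts(events, min_services=3):
    """Map timestamp -> service names when min_services or more stopped in that second."""
    by_time = defaultdict(list)
    for ev in events:
        m = TERMINATED.match(ev["description"])
        if m and ev["source"] == "Service Control Manager" and ev["id"] in CRASH_IDS:
            by_time[ev["time"]].append(m[1])
    return {t: names for t, names in by_time.items() if len(names) >= min_services}
```

A burst only shows that the services stopped together; what stopped them still has to be established from the rest of the log.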
