Browsers deny access or send to wrong sites

[wingreen]

UPDATE: Eureka! Burnt it - and its booting! I'll get back to you with whether PC runs better after scan - and new DDS log

 

[Dakeyras]

UPDATE: Eureka! Burnt it - and its booting! I'll get back to you with whether PC runs better after scan - and new DDS log

Excellent news!

I was not ignoring your prior posts by the way(though missed the email notification(s)), merely partaking in one of mine my favourite pastimes that involves my garden and young toddler son attempting to assist with such! :laugh:

OK levity aside if able post the prior logs I requested when ready and we will go from there so to speak, thank you.

 

[wingreen]

Ok - no problem. I appreciate that life goes on outside of this forum. Hope you (and your son) enjoyed the sun

Scan completed. Records 41, Suspect 0, Warnings 294 (I think the warnings were about files that couldn't be scanned).

However, I can't send the logs you requested as, when I boot up without the CD, it just takes me to the dreaded black screen again.

 

[Dakeyras]

Hi.

Ok - no problem. I appreciate that life goes on outside of this forum. Hope you (and your son) enjoyed the sun

Thank you, no idea how too address you in the manner I do(my style of posting). IE: Lass/lad, though aware you are probably Welsh.

Scan completed. Records 41, Suspect 0, Warnings 294 (I think the warnings were about files that couldn't be scanned).

However, I can't send the logs you requested as, when I boot up without the CD, it just takes me to the dreaded black screen again.

OK let myself have a think about this before we proceed any further. :bigthumb:

 

[Dakeyras]

Hi.

Please do this......

• Download OTLPE Network from either location and save it to your desktop:
  
  http://oldtimer.geekstogo.com/OTLPENet.exe
  http://ottools.noahdfear.net/OTLPENet.exe
  
  
• Double click the OTLPENet icon on your desktop
• "Do you want to burn the CD?" choose Yes
• ImgBurn will automatically extract and load the OTLPENet Iso to be burned to CD
• Place a blank CD in your CD-Rom
• Click
  
  to start the burn process
• You will see a dialog "Operation successfully completed"
• Boot the non-working computer using the boot CD you just created
• In order to do so, the computer must be set to boot from the CD first
  
  Note : For information click here
  
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start
  
• Copy and Paste the following code into the
  
  textbox. Do not include the word "Code"
  
  Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection otherwise you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.
  
  

  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %SYSTEMDRIVE%\*.exe
  /md5start
  userinit.exe
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  /md5stop
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  CREATERESTOREPOINT

• Push
  
• When finished, the file will be saved in drive C:\OTL.txt
• Please post the contents of the C:\OTL.txt file in your next reply.
• Copy this file to your USB drive if you do not have an internet connection.

 

[wingreen]

You think fast! (btw, I'm male and, yes, in Wales)

It's late here (no idea what it is where you are) and I'd have to disturb others to download on other PC (can't on this laptop as its work one and it doesn't let me download executables) - so I'll have to do it later tomorrow.

Many thanks

 

[Dakeyras]

Hi.

You think fast! (btw, I'm male and, yes, in Wales)

My wife would very probably beg to differ! I'm Irish but I have lived in mainland Britain for nigh on a decade and a half now.

Let myself know the outcome RE OTLPE and bare in mind my prior advice may be the only suitable course of action. IE: Slaving the Hard-Drive and or taking your machine to a reputable local IT repair centre.

In the mean time I have asked for a second opinion from a well respected colleague of mine just in-case I have missed something obvious that we can try.

 

[wingreen]

Thanks. Sorry for delay ('family' day!) and this bit rushed.

I tried posting otl.txt file contents (which is very long) but it came back saying it was TOO big! So I have split it into two parts. First part:

OTL logfile created on: 6/6/2010 8:00:42 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 37.98 Gb Free Space | 26.34% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 103.41 Gb Free Space | 22.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SlingAgentService)
SRV - File not found [Auto] -- -- (MSWU-f36decbb)
SRV - File not found [Auto] -- -- (MSWU-a23c7763)
SRV - [2010/03/14 14:43:04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/13 07:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/09/17 06:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/01/05 10:39:52 | 000,052,224 | ---- | M] (tzuk) [On_Demand] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2007/10/09 11:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/09/11 12:10:18 | 000,184,504 | ---- | M] (SiSoftware) [On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/09/11 12:10:08 | 001,265,856 | ---- | M] (SiSoftware) [On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 15:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/28 05:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 18:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)
SRV - [2005/07/08 19:24:46 | 000,871,424 | ---- | M] (Nero AG) [Disabled] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (UimBus)
DRV - File not found [Kernel | System] -- -- (Uim_IM)
DRV - File not found [Kernel | System] -- -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (hpn)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (asfm)
DRV - [2010/06/04 13:53:10 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\djwsgvto.sys -- (djwsgvto)
DRV - [2010/04/21 03:53:46 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/14 14:43:09 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/14 14:42:59 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/14 12:56:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/14 12:56:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/04/30 06:32:58 | 000,023,168 | ---- | M] (SlingMedia Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SlingAudioBus.sys -- (SlingAudioBusenum)
DRV - [2009/04/30 06:32:58 | 000,019,072 | ---- | M] (SlingMedia Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SlingAudio.sys -- (Sling_Audio)
DRV - [2009/01/25 10:51:47 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/01/05 10:39:52 | 000,103,936 | ---- | M] (tzuk) [Kernel | On_Demand] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2008/08/26 06:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/18 11:25:00 | 000,040,464 | ---- | M] (Paragon Software Group) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/27 07:39:26 | 000,032,256 | ---- | M] () [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/11/15 12:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/10/10 08:53:48 | 000,005,632 | ---- | M] () [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/06/27 13:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2006/06/14 06:04:12 | 004,299,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/27 00:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/02/16 12:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/09/26 12:02:50 | 000,362,944 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2005/07/08 19:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\WINDOWS\system32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2005/07/08 19:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 19:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/08 17:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/06/28 07:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/03/21 06:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2004/11/15 06:15:18 | 000,088,080 | ---- | M] (Jetico, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\BCSwap.sys -- (BCSWAP)
DRV - [2004/09/15 09:05:00 | 000,064,512 | ---- | M] (Digital Blue ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STVqx5.sys -- (STVqx5) Digital Blue QX5(tm)
DRV - [2004/09/15 09:05:00 | 000,006,144 | ---- | M] (Digital Blue ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STVqx5m.sys -- (STVqx5m) Digital Blue QX5(tm)
DRV - [2004/08/04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/05/17 14:25:05 | 000,029,696 | ---- | M] () [Kernel | On_Demand] -- C:\Documents and Settings\Family\Local Settings\Temp\bfastfao.sys -- (bfastfao)
DRV - [2003/12/05 12:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/10/15 12:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2003/07/24 08:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002/04/17 16:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\asapi.sys -- (Asapi)
DRV - [2001/08/18 08:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 08:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 08:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 08:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 08:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/18 07:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/18 07:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/18 07:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/18 07:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/18 07:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 07:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 07:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/18 07:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/18 07:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/18 07:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/...s/*http://uk.docs.yahoo.com/info/bt_side.html


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.savastore.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Family_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\Family_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Family_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Joe_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Joe_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Joe_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Joe_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\John_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.intl=uk&.partner=bt-1&.done=http://bt.yahoo.com/?
IE - HKU\John_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\John_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\John_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.savastore.com/

IE - HKU\Maggie_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/mail?.intl=uk&done=http://uk.yahoo.com
IE - HKU\Maggie_ON_C\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll File not found
IE - HKU\Maggie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Maggie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Maggie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.savastore.com/
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com/?searchonly=true
IE - HKU\Sam_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sam_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 05:25:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 09:53:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 09:53:40 | 000,000,000 | ---D | M]

[2009/01/11 09:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/21 23:30:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/12/21 23:30:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/12/21 23:30:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/12/21 23:30:24 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/02/14 11:08:41 | 000,292,983 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10088 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WebCGMHlprObj Class) - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll (CGM Open Consortium, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (EyeOnIE Class) - {F081D70D-477F-11D9-95EC-004095356F63} - C:\PROGRA~1\AVAILA~1\ASANTI~1\AhBho.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Family_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Joe_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\John_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Maggie_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Maggie_ON_C\..\Toolbar\WebBrowser: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll File not found
O3 - HKU\Sam_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Cyberlink, Corp.)
O4 - HKU\Family_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\Family_ON_C..\Run: [PowerBar] File not found
O4 - HKU\Family_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Joe_ON_C..\Run: [PowerBar] File not found
O4 - HKU\Joe_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\John_ON_C..\Run: [PowerBar] File not found
O4 - HKU\Maggie_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\Sam_ON_C..\Run: [PowerBar] File not found
O4 - HKU\Sam_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Sam_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Sam\Start Menu\Programs\Startup\Wallpapers from MSN.lnk = C:\Documents and Settings\Sam\Application Data\Microsoft\Installer\{5C1178ED-7A1D-4EA6-A78D-FE526091DC4B}\_AD40422860A612C0AA07CA.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\Family_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Family_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Family_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\Joe_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Joe_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Joe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\John_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\John_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\John_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maggie_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Maggie_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Maggie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sam_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Sam_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Sam_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} http://www.couponreport.net/ftp/v3123/csauie1.cab (csauie1 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.co.uk/SnapfishUKActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103587301578 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178104577323 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/J...e7/&filename=jinstall-6u7-windows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} file:///C:/Program%20Files/InterCAP/ActiveCGM/ActiveX/Acgm.cab (ActiveCGM Control)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.43,93.188.166.178
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\fnpipe: DllName - fnpipe.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/21 02:48:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 09:48:16 | 000,000,040 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

[wingreen]

(rest of report)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/10/20 23:54:39 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "InCDsrv"
MsConfig - Services: "KService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\WPN111.exe - (NETGEAR)
MsConfig - StartUpFolder: C:^Documents and Settings^John^Start Menu^Programs^Startup^Calendar.lnk - C:\Program Files\Calendar\Calendar.exe - (Glenn Delahoy)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: basicsmssmenu - hkey= - key= - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
MsConfig - StartUpReg: BCWipeTM Startup - hkey= - key= - C:\Program Files\Jetico\BCWipe\BCWipeTM.exe (Jetico, Inc.)
MsConfig - StartUpReg: btbb_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
MsConfig - StartUpReg: btbb_wcm_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
MsConfig - StartUpReg: Camera Detector - hkey= - key= - C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: H2O - hkey= - key= - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LGODDFU - hkey= - key= - C:\Program Files\lg_fwupdate\fwupdate.exe File not found
MsConfig - StartUpReg: MsgCenterExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaMusic FastStart - hkey= - key= - C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe File not found
MsConfig - StartUpReg: Omnipage - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE\opware32.exe (ScanSoft, Inc)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\Control.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: UVS10 Preload - hkey= - key= - C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
MsConfig - StartUpReg: WireLessKeyboard - hkey= - key= - C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe File not found
MsConfig - StartUpReg: WireLessMouse - hkey= - key= - C:\Program Files\Multimedia Combo Set\MouseDrv.exe File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5EAACC1A-D0A8-696A-33CB-26B2BE3C79D0} - DirectX
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {76C19B35-F0C8-11cf-87CC-0020AFEECF20} - Thai Language Support
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{8B135DEC-4426-4D1C-A950-2850EFB045A1} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.MJPG - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/01 13:06:20 | 000,000,000 | ---D | C] -- C:\Malware May 10
[2010/06/01 12:51:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/01 12:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/29 15:59:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/05/29 07:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/29 07:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/27 11:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maggie\Local Settings\Application Data\sjbrdxcks
[2006/02/18 23:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Joe\My Documents\*.tmp files -> C:\Documents and Settings\Joe\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 20:04:12 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/04 13:53:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\djwsgvto.sys
[2010/06/04 12:26:32 | 060,691,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/04 12:25:09 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\John\ntuser.dat
[2010/06/04 12:23:24 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/04 12:21:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/04 12:21:49 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/04 12:21:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/04 12:21:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/04 12:21:28 | 3479,687,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 12:15:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\John\Desktop\57vbdic1.exe
[2010/06/04 12:15:41 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\John\Desktop\rkill.exe
[2010/06/01 15:34:29 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/06/01 15:34:29 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/06/01 15:34:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/06/01 14:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/01 12:50:11 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2010/05/31 20:47:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/05/31 20:39:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Joe\ntuser.ini
[2010/05/31 20:39:24 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Joe\NTUSER.DAT
[2010/05/31 18:44:40 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Sam\NTUSER.DAT
[2010/05/31 15:50:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sam\ntuser.ini
[2010/05/31 14:42:01 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Sam\Start Menu\Programs\Startup\Wallpapers from MSN.lnk
[2010/05/30 08:38:51 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Spybot.lnk
[2010/05/30 08:37:17 | 000,000,874 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/30 08:37:17 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2010/05/30 08:37:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/30 02:43:55 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Maggie\NTUSER.DAT
[2010/05/30 02:43:55 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Maggie\ntuser.ini
[2010/05/29 16:16:39 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Maggie\Desktop\Spybot - Search & Destroy.lnk
[2010/05/29 14:04:20 | 000,003,786 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/21 18:40:04 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Family\NTUSER.DAT
[2010/05/21 18:40:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Family\ntuser.ini
[2010/05/21 09:47:48 | 000,089,736 | ---- | M] () -- C:\Documents and Settings\Family\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/20 11:47:12 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Maggie\Desktop\Microsoft Office Publisher 2003.lnk
[2010/05/16 13:35:18 | 000,178,176 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 19:14:31 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\Level select.doc
[2010/05/14 13:54:26 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Microsoft Office Word 2003.lnk
[2010/05/13 18:49:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/11 05:41:12 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Microsoft Office Word 2003.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Joe\My Documents\*.tmp files -> C:\Documents and Settings\Joe\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/04 12:24:51 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\John\Desktop\rkill.exe
[2010/06/04 12:24:48 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\John\Desktop\57vbdic1.exe
[2010/06/01 12:50:11 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\John\Desktop\ERUNT.lnk
[2010/05/31 20:50:29 | 3479,687,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/30 08:38:51 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Spybot.lnk
[2010/05/29 16:16:39 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Maggie\Desktop\Spybot - Search & Destroy.lnk
[2010/05/27 11:05:12 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/27 11:04:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\djwsgvto.sys
[2010/05/14 19:14:30 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Joe\My Documents\Level select.doc
[2010/04/12 11:48:27 | 000,392,704 | ---- | C] () -- C:\Documents and Settings\Joe\contents page joe.doc
[2010/04/12 11:48:27 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Joe\cover for project joe.doc
[2010/04/12 11:48:27 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Joe\tally graphs joe.xls
[2010/03/30 15:48:53 | 027,193,281 | ---- | C] () -- C:\Documents and Settings\Sam\Jake's Composition 1.wma
[2010/03/30 15:48:51 | 022,527,813 | ---- | C] () -- C:\Documents and Settings\Sam\Jake's Composition 2.wma
[2010/01/31 08:14:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/01/31 08:14:59 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/12/29 20:13:45 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/10 14:12:27 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/13 15:15:57 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\d3d9caps.dat
[2009/06/30 09:16:52 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2009/04/30 13:41:14 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2009/04/27 15:35:57 | 000,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2008/12/15 10:18:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/11/14 14:56:09 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\Sam\jagex_runescape_preferences.dat
[2008/11/06 20:04:54 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\John\Install.log
[2008/11/02 11:03:23 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/11/02 11:03:23 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2008/10/07 11:07:57 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/03 19:55:59 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/03 19:55:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/04/11 13:35:58 | 000,002,268 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/02/18 13:27:52 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/01/03 09:14:47 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Family\NTUSER.DAT
[2008/01/03 09:14:46 | 007,340,032 | ---- | C] () -- C:\Documents and Settings\Joe\NTUSER.DAT
[2007/12/10 18:52:06 | 000,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/12/06 23:13:59 | 006,533,120 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer.dll
[2007/12/06 23:13:59 | 002,568,192 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageMeter.dll
[2007/12/06 23:12:21 | 008,278,016 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon HR.dll
[2007/12/06 23:12:21 | 008,151,040 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon.dll
[2007/12/06 22:48:20 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2007/12/06 17:42:53 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Maggie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/17 06:16:06 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Maggie\USB001
[2007/10/15 13:18:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/10/14 13:49:04 | 006,815,744 | ---- | C] () -- C:\Documents and Settings\Maggie\NTUSER.DAT
[2007/10/08 18:24:09 | 000,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sys
[2007/09/24 17:26:14 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/12 19:27:01 | 013,107,200 | ---- | C] () -- C:\Documents and Settings\John\ntuser.dat
[2007/07/11 18:28:56 | 000,003,786 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2007/04/10 17:24:47 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/03/02 14:31:13 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/02/20 18:51:57 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\John\Application Data\HPSU_48BitScanUpdate.log
[2007/02/20 18:51:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/02/20 18:50:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007/02/20 18:50:14 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\John\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2007/02/20 18:50:14 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/02/20 18:49:36 | 000,002,814 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PatchUpdate_InstantShareJPG.log
[2007/02/20 18:49:36 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/02/20 18:46:43 | 000,003,594 | ---- | C] () -- C:\Documents and Settings\John\Application Data\PatchUpdate_IZClosingDiscError.log
[2007/02/20 18:46:43 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/02/20 18:45:24 | 000,035,624 | ---- | C] () -- C:\Documents and Settings\John\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2007/02/20 18:45:24 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/02/19 17:25:45 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/05 13:34:05 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat
[2007/02/05 13:34:04 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Family\ntuser.dat.LOG
[2007/02/05 13:34:04 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Family\ntuser.ini
[2007/01/17 19:58:15 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/14 18:18:06 | 000,000,244 | ---- | C] () -- C:\Documents and Settings\Maggie\Artikel.csv
[2007/01/12 19:44:22 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\John\Artikel.csv
[2006/12/31 14:49:31 | 000,178,176 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/30 11:41:54 | 000,000,569 | ---- | C] () -- C:\WINDOWS\superwmacutterjoiner.ini
[2006/12/29 20:22:13 | 000,025,601 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/12/29 20:14:29 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/12/21 14:51:52 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
[2006/12/21 14:51:51 | 007,864,320 | ---- | C] () -- C:\Documents and Settings\Sam\NTUSER.DAT
[2006/12/21 14:51:51 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Sam\ntuser.dat.LOG
[2006/12/21 14:51:51 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Sam\ntuser.ini
[2006/12/20 19:41:53 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\John\results.txt
[2006/12/20 19:36:23 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/20 19:36:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/12/20 18:05:11 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\fusioncache.dat
[2006/12/20 18:05:10 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Joe\ntuser.dat.LOG
[2006/12/20 18:05:10 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Joe\ntuser.ini
[2006/12/20 18:04:03 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Maggie\Local Settings\Application Data\fusioncache.dat
[2006/12/20 18:04:01 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Maggie\ntuser.dat.LOG
[2006/12/20 18:04:01 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Maggie\ntuser.ini
[2006/12/20 14:40:33 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2006/12/20 14:40:32 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\John\ntuser.dat.LOG
[2006/12/20 14:40:32 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\John\ntuser.ini
[2006/10/18 00:23:11 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2006/10/18 00:23:11 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2006/10/17 20:23:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/17 19:43:11 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/10/17 19:31:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2006/10/17 19:25:31 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2006/10/17 16:27:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ctrldll.dll
[2006/10/13 07:30:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/09/15 08:40:48 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\PSP StereoController.dll
[2005/09/15 08:40:48 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\PSP StereoAnalyser.dll
[2005/09/15 08:40:48 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\PSP PseudoStereo.dll
[2005/09/15 08:40:48 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\PSP StereoEnhancer.dll
[2005/09/11 15:12:23 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\pspsedx.dll
[2005/09/11 15:12:02 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\pspsadx.dll
[2005/09/11 15:09:57 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\pspscdx.dll
[2005/09/11 14:49:43 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\psppsdx.dll
[2005/08/12 06:04:45 | 004,059,136 | ---- | C] () -- C:\WINDOWS\System32\PSP MasterComp.dll
[2005/08/05 10:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/24 14:21:16 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pspmcdx.dll
[2004/12/21 11:34:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/21 09:56:10 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2004/12/21 09:56:07 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2004/12/21 09:55:26 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/12/21 09:55:25 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2004/12/21 09:55:24 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2004/12/21 09:55:24 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/12/21 08:17:58 | 000,001,010 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/12/21 08:16:08 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/12/21 02:56:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2004/12/21 02:55:26 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/12/21 02:55:25 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2003/08/07 09:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 10:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 08:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 08:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 08:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 08:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 08:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 08:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 08:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 17:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 17:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 17:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 17:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 17:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL
[2001/07/06 11:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/05/11 03:52:22 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\Indounin.dll
[1997/08/18 20:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/18 20:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\ispnews
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ispnews
[2007/02/06 18:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\ispnews
[2009/10/13 16:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Azureus
[2006/12/21 13:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\ispnews
[2010/03/25 18:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\LimeWire
[2009/12/29 15:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\PC Suite
[2009/02/11 12:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\ScanSoft
[2010/05/05 12:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Spotify
[2007/09/29 09:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\TomTom
[2008/10/07 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Ulead Systems
[2006/12/29 09:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ACD Systems
[2010/01/17 19:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Amazon
[2010/01/17 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Azureus
[2007/11/16 18:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Cakewalk
[2007/10/09 16:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Canon
[2006/12/20 17:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\F-Secure
[2009/02/04 18:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\HandBrake
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\InterTrust
[2007/06/09 19:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\iolo
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ispnews
[2008/05/13 04:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MSNInstaller
[2009/01/25 10:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\NCH Swift Sound
[2009/12/29 12:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Nokia
[2008/02/17 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\OfficeUpdate12
[2007/12/06 23:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Opera
[2009/12/29 12:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\PC Suite
[2007/06/23 14:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Renegade Minds
[2007/01/03 20:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\RootsMagic
[2007/10/07 11:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Sandbox
[2006/12/29 20:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ScanSoft
[2007/01/09 08:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Snapfish
[2007/12/06 22:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Steinberg
[2007/09/20 20:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\SuperAdBlocker.com
[2007/09/17 08:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\TomTom
[2008/10/04 16:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Ulead Systems
[2008/11/02 11:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi
[2007/09/03 07:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\ACD Systems
[2008/11/02 15:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\agi
[2007/02/14 07:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\Canon
[2006/12/28 07:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\InterTrust
[2007/02/04 21:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\ispnews
[2007/10/22 08:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\Sandbox
[2007/06/28 09:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\ScanSoft
[2007/09/17 13:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\TomTom
[2008/10/04 15:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maggie\Application Data\Ulead Systems
[2010/05/31 14:43:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sam\Application Data\.#
[2008/11/02 11:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\agi
[2009/11/14 18:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Azureus
[2006/12/21 14:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\F-Secure
[2006/10/21 00:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\InterTrust
[2006/10/21 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\ispnews
[2010/03/31 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\LimeWire
[2008/06/02 12:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\ScanSoft
[2010/05/26 16:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Spotify
[2008/10/04 12:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Ulead Systems
[2010/05/31 14:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\uTorrent
[2008/10/29 13:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Wallpapers from MSN
[2010/06/04 12:21:49 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]


< MD5 for: AGP440.SYS >
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/08 21:13:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/05/08 21:13:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/08 21:13:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 15:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/05/08 21:13:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 09:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/10 15:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/12/20 18:28:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/12/20 18:28:57 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/12/20 18:28:57 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2010/02/25 06:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< CREATERESTOREPOINT >

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:690E9362FA01FC72
< End of report >

 

[Dakeyras]

Hi.

I apologise for the delay. Anyway both myself and colleague concur your machine is in quite a mess/badly comprimised and it would be prudent to either perform a reformat and reinstallation of the Windows operating system and or take your machine to a local IT repair centre.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

I can offer no further assistance apart from my prior advice sadly as only so much I can do without physical access to the machine.

 

[wingreen]

Oh - sounds bad. I changed all my relevant passwords (from a clean PC) when I realised there was problem (and have checked that nothing untoward has been happening with my financial accounts).

I appreciate your help and the time you have put into it. I'm guessing that (as it seems to be in quite a mess) it won't be cheap to get professional repair so it might make more sense for me to scrap it and buy another. Although I might be tempted to try a "reformat and re-installation" - but I'm assuming that's relatively straighforward and that I can get advice on that from an ordinary "how to" site.

Thanks again anyway.

 

[wingreen]

Don't want to pester you but, just to check - I'm going to explore the option of reformatting/reinstalling (I made a "back up" on my external hard disk before I got these problems). All I have are the Product Recovery CD Roms and/or (I think) a recovery partition (?) on my internal hard disk.
Should I explore which and how to do this here with you? or go to another forum that focuses on that sort of thing (rather than malware)?

Thanks

 

[Dakeyras]

Hi.

The below tutorials for the process are excellent for advising the exact procedure:-

How to Reformat and Reinstall your Operating System

Windows XP - Reformat And Re-Install Guide

what programs will i have to find and restore to it?

Below is some advice about what to install/safety advice after the format and the reinstallation of the Windows operating system.

Reformat and Reinstallation Advice:

This is a excellent resource I recommend reading:- How to prevent Malware

• Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  Here are some free Anti Virus programs which I recommend to use:
  • Antivir PersonalEditionClassic
    • Free anti-virus software for Windows.
    • Detects and removes more than 50,000 viruses. Free support.
  • avast! Home Edition
    • • Anti-virus program for Windows.
      • The home edition is freeware for noncommercial users.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
    Here are some free Firewalls which I recommend to use:
    (Use only one, and disable your Windows Firewall)
    • Sunbelt Kerio
    • Outpost
    • Jetico Personal Firewall
  Note: Only ever have installed/use one Anti-Virus application and Software Firewall. Otherwise a system conflict will occur and this also lessens overall online protection!
  
• Keep your system updated- Microsoft releases patches for Windows and other products regularly:
  • I advise you visit: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
  • Install the Active X
  • Once installed it will advise set Auto-Updates if not set and you then you will be able to manually check for updates also via:
  • Start >> All Programs >> Microsoft Updates
• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
• Malwarebytes' Anti-Malware - Download it from here
  The tutorial on how to use MBAM is located here
• Install WinPatrol - Download it from here
  You can find information about how WinPatrol works here
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  Download it from here
  The tutorial on how to use Spyware Blaster is located here
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well after the format and the reinstallation of the Windows operating system.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

 

[wingreen]

OK, thanks for getting back to me and thanks for all your help

 

[wingreen]

Sorry - just before I go (!). You mentioned earlier possibility that hard drive had a recovery partition (?). When I boot the infected CD, I get an option to "Press F10 to start recovery" (this comes up for a couple seconds after Boot from CD? and before it moves onto the black screen).
Will Pressing F10 help me to recover from hard disk?

 

[Dakeyras]

Aye it may very well do and at this stage I see no harm what so ever investigating this particular avenue so to speak.

 

[Dakeyras]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.