FakeAlert Damage

secWEL

Hello
I desperately need your help.
On 22nd June I lost control of my computer and was invited to purchase remedial software; taking this to be extortion, I refused. I ran McAfee anti-virus (this is always live on my machine) and MalwareBytes to discover that there were versions of the FakeAlert trojan present. These were cleared, but left the machine with no icons or background on the desktop and access only to programs on the C: drive (the hard drives are partitioned and most applications are on the D: drive, with some on other drives).
Research on the net led me to your site and SpyBot. Following the advice provided by “tashi”, I downloaded and ran ERUNT, DDS and SpyBot. Unfortunately I ran the remedial option on SpyBot, which did not eliminate all problems, but did seem to inhibit the restarting of the computer.

I booted in safe mode and scanned with both MalwareBytes and McAfee; both reported no problems. It was then, perhaps coincidentally, possible to boot normally. Only recently added icons and no wallpaper were available on the desktop. Investigation showed that there was no access to drives holding programs (but using Run, Browse I was able to run MS Outlook, which is on the C: drive). I again ran ERUNT, DDS and SpyBot (did not invoke remedial action in SpyBot) and discovered that I could not access the SpyBot folder to view the report. The “Applications” folder could not be seen in either Explorer or Run/Browse. I ran SpyBot again and recorded the report in another folder using copy/paste.

This report is given here:


--- Report generated: 2011-06-24 20:46 ---

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

DoubleClick: Tracking cookie (Internet Explorer: WEL) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-06-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-06-21 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-06-22 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-06-20 Includes\TrojansC-04.sbi (*)
2011-06-21 Includes\TrojansC-05.sbi (*)
2011-06-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Please can you help me?

I have tried SupportSpace and was told that files are damaged and advised to reload XP Pro. I can't accept this because I believe the files are still there but access is blocked, e.g. I can run SpyBot from the desktop icon, but cannot find it with Win Explorer.

William Lewis
 
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

Information on A/V control Here
 
Thank you for responding.

Here is the DDS report:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by WEL at 14:59:53 on 2011-07-02
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1239 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\Program Files\USB Disk Tool\USNDISKT.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe
D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
svchost.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
C:\progra~1\brainbullet\Brain Bullet.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\progra~1\brainbullet\mblit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Documents and Settings\WEL\Application Data\Real\Update\UpgradeHelper\RealPlayer\8.01\rnupgagent.exe
c:\program files\real\realplayer\update\realsched.exe
c:\program files\real\realplayer\RealPlay.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uWindow Title = Windows Internet Explorer provided by BT Yahoo!
uStart Page = hxxp://home.bt.yahoo.com/
uDefault_Page_URL = hxxp://bt.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:50808
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=DA3D929001CC28E2000BA1B8&src_id=11407&camp_id=38&tb_version=2.5.18000.3
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511113155.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyA2.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files\myashampoo\tbMyA2.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Uniblue RegistryBooster 2009] d:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [OM_Monitor] d:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [UIWatcher] d:\program files\ashampoo\ashampoo uninstaller 4\UIWatcher.exe
uRun: [BrainBullet] c:\progra~1\brainbullet\Brain Bullet.exe STARTUP
uRun: [GTV GlobalIM] d:\program files\business dashboard\global.im.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "d:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [USB Disk Tool] d:\program files\usb disk tool\USNDISKT.EXE
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [DefragTaskBar] "c:\program files\ashampoo\ashampoo magical defrag 2\bin\defragTaskBar.exe"
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [OM_Monitor] d:\program files\olympus\olympus master\FirstStart.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Ashampoo Core Tuner] "d:\program files\ashampoo\ashampoo core tuner\ct.exe" -TRAY
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Ashampoo HDD Control Guard] d:\program files\ashampoo\ashampoo hdd control\HDDControlGuard.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TaskTray]
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\wel\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\wel\startm~1\programs\startup\openoffice.org 3.3.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{07DC44C0-BEF6-4D56-8786-1D8366ED48F9} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: "c:\progra~1\google\google desktop search\GoogleDesktopNetwork3.dll"
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\wel\application data\mozilla\firefox\profiles\y8lt4gvi.default\
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\wel\application data\mozilla\firefox\profiles\y8lt4gvi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\wel\application data\mozilla\firefox\profiles\y8lt4gvi.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-3-3 38448]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-24 84200]
R2 AntiSpy Server;AntiSpy Server;d:\program files\boomerang software\guardian pc security tools\PfftWrk.exe [2008-9-18 98304]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-21 366640]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-24 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-29 141792]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-12 2214504]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 428640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-21 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-24 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-24 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-24 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-24 88736]
S0 nlwkxq;nlwkxq;c:\windows\system32\drivers\oxrsavq.sys --> c:\windows\system32\drivers\oxrsavq.sys [?]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S2 gupdate1ca3ad9368733e8;Google Update Service (gupdate1ca3ad9368733e8);c:\program files\google\update\GoogleUpdate.exe [2009-9-21 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-24 271480]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-24 56064]
S3 cpuz132;cpuz132;\??\c:\docume~1\wel\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\wel\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-3 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-21 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-24 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-24 84488]
S3 USBSNXSTOR;Mass Storage driver ;c:\windows\system32\drivers\USBSNX2K.SYS [2008-6-30 53083]
.
=============== Created Last 30 ================
.
2011-06-27 10:43:09 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-27 10:43:09 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-24 20:11:19 -------- d-----w- c:\documents and settings\wel\Security 201106
2011-06-23 11:02:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-23 11:02:12 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-21 15:57:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 15:02:12 52352 ----a-w- c:\windows\system32\drivers\OLD5B.tmp
2011-06-21 13:50:38 -------- d-----w- c:\documents and settings\wel\application data\McAfee
2011-06-19 17:52:38 -------- d-----w- c:\program files\Serif
2011-06-15 15:54:33 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 09:26:15 -------- d--h--w- c:\documents and settings\wel\application data\alot
2011-06-12 09:26:15 -------- d-----w- c:\program files\alot
2011-06-10 16:16:07 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-10 16:16:07 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-10 15:25:32 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-06-10 14:57:39 -------- d-----w- c:\documents and settings\all users\application data\Driver Boost
.
==================== Find3M ====================
.
2011-06-15 15:48:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-10 16:18:22 273344 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-06-10 16:18:22 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-06-10 16:18:17 273344 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-29 08:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 18:05:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-16 11:23:31 689664 ----a-w- c:\program files\MicrosoftFixit50202.msi
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 13:19:22 272208 ----a-w- c:\windows\system32\WPPFilt.dll
2011-04-14 13:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 13:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 13:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 13:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 13:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-08 05:14:00 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14:00 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-07 21:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 15:01:13.84 ===============

Sorry I have lost winzip and will have to reinstall. Will post again later with the "attach ".

Thank you. :thanks:

secWEL
 
Sorry for the delay. As stated earlier I have lost access to nearly all programs.
I have copied the "attach" file to an OpenOffice Write document and compressed it with 7 Zip, which I had to download despite the instruction not to add any files. Sorry but it was the only way.

Thanks again

secWEL
 
All scans we run will open a log in Notepad, so no need to zip, just copy and paste.

You have uTorrent installed; using P2P programs guarantees you will become infected. I need you to uninstall it via Add/Remove Programs in the Control Panel.

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Double-click CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
 
Hello ken545

Thank you for the fast response.

I cannot find uTorrent on the Add/Remove software list, nor can I find it with the XP search utility, but this does not seem to be able to access the D: and other drives. Windows Explorer shows the D: drive and other drives as being empty.

Despite not being able to remove uTorrent, I have run “CKScanner”. The contents of “CKFiles.txt” are:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.OCAPUB
----- EOF -----

I was surprised by how quickly the scan was completed and by the result; should I run it again?

Looking forward to hearing from you.

Regards

SecWEL
 
Not a problem, just want to alert you to the dangers of these types of programs.


P2P (File Sharing) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.





Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Den ken545

Thanks for another prompt reply - very much appreciated.

I disabled McAfee but ComboFix thought it was still running and warned about possible problems, but I ran it anyway.

The report is below. I am amazed by the number of temporary files listed, I thought they had all been cleared.

ComboFix said:

ComboFix 11-07-02.03 - WEL 03/07/2011 17:05:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1161 [GMT 1:00]
Running from: c:\documents and settings\WEL\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
..
Other Deletions .
.
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc71.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc72.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc73.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc74.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc75.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc76.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc77.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc778.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc78.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc784.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc79.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc7F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc80.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc81.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc82.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc82A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc83.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc84.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc85.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc86.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc87.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc88.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc89.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc8F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc90.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc91.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc92.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc93.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc94.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc95.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc96.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc97.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc98.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc99.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9A.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9B.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9C.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9D.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9E.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mcc9F.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccA9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccAF8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccB9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccBF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccC9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccCF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccD9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccDF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccE9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccED.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccEF.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF0.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF1.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF2.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF3.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF4.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF5.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF6.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF7.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF8.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccF9.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFA.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFB.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFC.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFD.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFE.tmp
c:\documents and settings\WEL\Local Settings\Temporary Internet Files\mccFF.tmp

ken545, THIS POST IS TOO LONG. WILL SEND SECOND PART IMMEDIATELY.

Many thanks.
secWEL
 
Dear ken545

Second part of ComboFix report:

c:\documents and settings\WEL\Start Menu\Programs\Windows XP Repair
c:\documents and settings\WEL\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
c:\documents and settings\WEL\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
c:\documents and settings\WEL\WINDOWS
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\ini
c:\windows\system32\ini\DTYPE.CPG
c:\windows\system32\ini\DTYPE.FLS
c:\windows\system32\ini\DTYPE.PAT
c:\windows\system32\ini\DTYPE.PHY
c:\windows\system32\ini\DTYPE.STL
c:\windows\system32\ini\gs002.gsl
c:\windows\system32\ini\gs004.gsl
c:\windows\system32\ini\gs006.gsl
c:\windows\system32\ini\gs016.gsl
c:\windows\system32\ini\gs256.gsl
c:\windows\system32\ini\gssqrt.gsl
c:\windows\system32\LocalService
c:\windows\system32\rnaph.dll
C:\xcrashdump.dat
D:\uninstall.exe
W:\autorun.inf
.
Files Created from 2011-06-03 to 2011-07-03 .
.
2011-06-27 10:43 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 10:43 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-24 20:11 . 2011-07-03 09:45 -------- d-----w- c:\documents and settings\WEL\Security 201106
2011-06-23 11:02 . 2011-06-23 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-23 11:02 . 2011-06-23 11:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-22 18:56 . 2011-06-22 18:57 -------- d-----w- c:\program files\ERUNT
2011-06-21 15:57 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 15:02 . 2011-06-21 15:02 52352 ----a-w- c:\windows\system32\drivers\OLD5B.tmp
2011-06-21 13:50 . 2011-06-21 13:50 -------- d-----w- c:\documents and settings\WEL\Application Data\McAfee
2011-06-19 17:52 . 2011-06-19 17:52 -------- d-----w- c:\program files\Serif
2011-06-15 15:54 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 09:26 . 2011-06-12 09:26 -------- d-----w- c:\program files\alot
2011-06-10 16:16 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-10 16:16 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-10 15:25 . 2008-02-27 12:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-06-10 14:57 . 2011-06-10 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Boost
..
.
Find3M Report
.
2011-06-15 15:48 . 2011-05-14 09:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 08:11 . 2011-02-24 16:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 18:05 . 2008-06-11 19:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-05-25 06:09 . 2011-04-07 21:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2011-04-07 21:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-04-07 21:15 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2011-04-07 21:15 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-05-12 14:42 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-05-12 14:42 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-05-12 14:42 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-04-07 21:15 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-04-07 21:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2006-08-16 07:35 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2011-05-12 14:42 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2008-05-16 13:01 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2006-08-16 07:35 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2006-08-16 07:35 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2006-08-16 07:35 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-16 11:23 . 2011-05-16 11:23 689664 ----a-w- c:\program files\MicrosoftFixit50202.msi
2011-05-02 15:31 . 2008-06-10 14:59 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 13:19 . 2011-04-20 13:19 272208 ----a-w- c:\windows\system32\WPPFilt.dll
2011-04-14 13:01 . 2011-02-24 16:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01 . 2011-02-24 16:16 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 13:01 . 2011-02-24 16:16 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01 . 2011-02-24 16:16 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 13:01 . 2011-02-24 16:16 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01 . 2011-02-24 16:16 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01 . 2011-02-24 16:16 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 13:01 . 2011-02-24 16:16 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01 . 2011-01-29 20:02 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 13:01 . 2010-10-13 22:28 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01 . 2010-10-13 22:28 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-08 05:14 . 2011-05-12 14:42 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-05-12 14:42 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-07 21:15 . 2011-04-07 21:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-06-16 04:32 . 2011-03-25 12:04 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-30 16:15 . 2010-03-03 10:19 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 13:01 . 2011-02-24 16:16 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
..
Reg Loading Points
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\MyAshampoo\tbMyA2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyA2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyA2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"OM_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"UIWatcher"="d:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe" [2010-01-04 2530648]
"BrainBullet"="c:\progra~1\brainbullet\Brain Bullet.exe" [2006-12-15 140800]
"GTV GlobalIM"="d:\program files\Business Dashboard\global.im.exe" [2006-05-11 188416]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-05-10 1205760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-10-03 75376]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="d:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"USB Disk Tool"="d:\program files\USB Disk Tool\USNDISKT.EXE" [2003-04-02 122880]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2008-10-09 173408]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"OM_Monitor"="d:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Ashampoo Core Tuner"="d:\program files\Ashampoo\Ashampoo Core Tuner\ct.exe" [2009-09-25 3334488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Ashampoo HDD Control Guard"="d:\program files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2010-02-16 3994456]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-30 30192]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\WEL\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BBStartup.lnk.lnk - c:\program files\BrainBullet\BBStartup.exe [2010-4-2 403968]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-7-27 29696]
EPSON Background Monitor.lnk - c:\program files\EPSON\ESM2\STMS.exe [1999-6-7 233984]
hueyPROTray.lnk - d:\program files\Pantone\hueyPRO\hueyPROTray.exe [2010-1-18 1081344]
InterVideo WinCinema Manager.lnk - d:\program files\Corel\Common\Bin\WinCinemaMgr.exe [2008-12-8 114688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-22 805392]
Portfolio Express 8.5.lnk - d:\program files\Extensis\Portfolio 8.5\Portfolio Express.exe [2010-4-26 3280896]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [03/03/2010 20:13 38448]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [24/02/2011 17:16 84200]
R2 AntiSpy Server;AntiSpy Server;d:\program files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe [18/09/2008 10:10 98304]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/06/2011 16:57 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/02/2011 17:15 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/02/2011 17:15 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [24/02/2011 17:15 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [24/02/2011 17:17 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [29/01/2011 21:02 141792]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/05/2011 15:49 2214504]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe [01/04/2011 05:11 428640]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [24/02/2011 17:16 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/06/2011 16:57 22712]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [24/02/2011 17:16 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [24/02/2011 17:16 88736]
S0 nlwkxq;nlwkxq;c:\windows\system32\drivers\oxrsavq.sys --> c:\windows\system32\drivers\oxrsavq.sys [?]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S2 gupdate1ca3ad9368733e8;Google Update Service (gupdate1ca3ad9368733e8);c:\program files\Google\Update\GoogleUpdate.exe [21/09/2009 17:33 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [03/03/2010 11:19 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21/09/2009 17:33 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [24/02/2011 17:16 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [24/02/2011 17:16 84488]
S3 USBSNXSTOR;Mass Storage driver ;c:\windows\system32\drivers\USBSNX2K.SYS [30/06/2008 19:28 53083]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 16:33]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-21 16:33]
.
2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-06-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2011-07-03 c:\windows\Tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://home.bt.yahoo.com/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:50808
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=DA3D929001CC28E2000BA1B8&src_id=11407&camp_id=38&tb_version=2.5.18000.3
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33Z&tb_version=2.4.11000%28F%29&pr=auto&q=
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Uniblue RegistryBooster 2009 - d:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-TaskTray - (no file)
Notify-70e961f0658 - (no file)
AddRemove-360Share Pro - c:\program files\360Share Pro\bt-uninst.exe
AddRemove-JESSOPS - D:\uninstall.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-Relaxation-CDs.com Screensaver - c:\windows\uninstall Relaxati.exe...
**************************************************************************.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 17:31
Windows 5.1.2600 Service Pack 3 NTFS.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0.
**********************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(1112)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2011-07-03 17:35:18
ComboFix-quarantined-files.txt 2011-07-03 16:35
.
Pre-Run: 58,444,079,104 bytes free
Post-Run: 59,194,941,440 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 654024D73E2E79C52B8896708317F628

I hope the split file does not make things more difficult for you.

Thank you

secWEL
 
You did just fine

MyAshampoo <-- Do you use this toolbar? It appears to fall somewhere in the gray area.


You need to enable Windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

c:\windows\system32\drivers\oxrsavq.sys<--This file

If the site is busy you can try this one
http://virusscan.jotti.org/en





Keep Combofix on your desktop, we may need to run it again



Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean






Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
Hello ken545,

Thanks again for very quick response.

Ashampoo is a very good German company that produces a variety of software packages, some of which I have used for years without problems, so I think their toolbar is probably OK, but I do not use it so will remove it later.

I have unhidden the files and all my icons are back and Win Explorer now lists the files in the D: drive. Thank you very much.

VirusTotal does not list the “oxrsavq.sys” file and I cannot find it on my machine so have not been able to submit it. What should I do?

Tried to run TFC and ended up with two instances both “not responding” and I could not clear them so reset the machine. Several attempts at a normal boot failed, so I started in “Safe-mode” and ran TFC successfully.

Had warning from McAfee that “Real time Scanning” was off and it would not reset, so I shut-down. Domestic pressures and lateness forced break at this time.

Have now downloaded and run MBAM, the report is below and shows no infections.

Is this progress?

MBAM Report:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7013

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

03/07/2011 22:46:10
mbam-log-2011-07-03 (22-46-10).txt

Scan type: Quick scan
Objects scanned: 206345
Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I really do appreciate your help, I wish I had the skills and knowledge.

Thanks again. (Am going to bed now!)

secWEL
 
Let's do this

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
Hello ken545

Thank you.

I have run “OTL” and include the “OTL.txt” below and will send the “Extras.txt” with the next post.

A brief summary of the status this morning:
a) machine would not boot normally so I ran in “Safe-mode” with boot logging. The log covered 300 pages and the last 3 entries were:
“Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Did not load driver cfwids.SYS”
Prior to those there was a long list of “Did not load”

b) the machine is slow.
McAfee seems to have lost its database and it had to be renewed, also there is an error:
Error Signature
szAppName : McSvHost.exe szAppVer : 1.5.109.0 szModName : HWAPI.dll
szModVer : 11.5.109.0 offset : 000427ae

Error Report
C:\DOCUME~1\WEL\LOCALS~1\Temp\WERddf3.dir00\McSvHost.exe.mdmp
C:\DOCUME~1\WEL\LOCALS~1\Temp\WERddf3.dir00\appcompat.txt

I do not know whether these are related to the main problem.

Sorry text is too long so will send "OTL.txt" in two parts.

OTL.txt (Part 1)
OTL logfile created on: 04/07/2011 10:29:45 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.87% Memory free
3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 55.44 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 123.37 Gb Free Space | 91.24% Space Free | Partition Type: NTFS
Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32

Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - c:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
PRC - D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
PRC - D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
PRC - D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\BrainBullet\Brain Bullet.exe ()
PRC - C:\Program Files\BrainBullet\mblit.exe ()
PRC - C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
PRC - D:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
PRC - C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
MOD - D:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
SRV - (AntiSpy Server) -- D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (iviVD) -- C:\WINDOWS\system32\DRIVERS\iviVD.sys (InterVideo)
DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech Inc.)
DRV - (LUsbKbd) -- C:\WINDOWS\system32\drivers\LUsbKbd.sys (Logitech Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (USBSNXSTOR) -- C:\WINDOWS\system32\drivers\USBSNX2K.SYS ( )
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/...s/*http://uk.docs.yahoo.com/info/bt_side.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.3.0
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {eca3ccd6-0f7d-11de-9997-000347bb5186}:1.07
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q="

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 10:35:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/26 19:07:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 11:43:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 20:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/26 19:07:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions
[2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/30 20:12:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions
[2010/04/28 14:52:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/23 11:53:45 | 000,000,000 | -H-D | M] (Minimap Addon) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2011/06/27 13:53:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/27 13:53:37 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/05/09 10:40:54 | 000,000,000 | -H-D | M] (Vouchers.Im Indicator) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{eca3ccd6-0f7d-11de-9997-000347bb5186}
[2011/03/21 21:13:03 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\engine@conduit.com
[2011/06/21 18:55:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\foxyproxy@eric.h.jung
[2011/03/13 10:10:58 | 000,000,000 | -H-D | M] (Personas) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\personas@christopher.beard
[2011/06/30 19:25:28 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\toolbar@alot.com
[2011/06/22 14:40:23 | 000,002,093 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search-1.xml
[2009/08/11 14:34:24 | 000,002,101 | -H-- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search.xml
[2011/06/27 11:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 12:10:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/07 19:17:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/06 12:42:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 18:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 17:46:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/07 10:21:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2010/04/07 09:44:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/03 17:30:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110511113155.dll (McAfee, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Ashampoo Core Tuner] D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [Ashampoo HDD Control Guard] D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [OpwareSE4] D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Disk Tool] D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [BrainBullet] c:\Program Files\BrainBullet\Brain Bullet.exe ()
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [GTV GlobalIM] D:\Program Files\Business Dashboard\global.im.exe (GTV Solutions, Inc.)
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [UIWatcher] D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - HKU\S-1-5-21-329068152-1637723038-725345543-1003..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk = C:\Program Files\BrainBullet\BBStartup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\quickenw\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk = D:\Program Files\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\Corel\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk = D:\Program Files\Extensis\Portfolio 8.5\Portfolio Express.exe (Extensis, Inc.)
O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1009\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-329068152-1637723038-725345543-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-329068152-1637723038-725345543-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: ("C:\PROGRA~1\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPNETWORK3.DLL") - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 16:01:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/17 19:05:20 | 000,000,000 | ---D | M] - W:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

**** END PART 1 ******


Thanks
secWEL
 
ken%$%

**** OTL.txt Part 2 *****

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 10:26:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
[2011/07/04 10:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/03 22:36:45 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 20:49:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/03 20:11:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
[2011/07/03 17:03:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/03 16:59:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/03 16:59:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/03 16:59:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/03 16:59:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/03 16:46:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/03 16:39:38 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
[2011/07/02 15:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/07/02 15:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Desktop\7-Zip
[2011/06/24 21:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Security 201106
[2011/06/23 12:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/23 11:57:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
[2011/06/22 20:04:50 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
[2011/06/22 20:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/22 19:49:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
[2011/06/21 16:57:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/21 16:31:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WEL\Recent
[2011/06/21 14:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Application Data\McAfee
[2011/06/19 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2011/06/15 16:54:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/12 10:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\alot
[2011/06/10 17:16:07 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/06/10 17:16:07 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/06/10 15:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/06/10 15:56:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverBoost
[2011/06/06 17:27:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2008/06/30 19:28:28 | 000,053,083 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\USBSNX2K.SYS

========== Files - Modified Within 30 Days ==========

[2011/07/04 10:28:18 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
[2011/07/04 10:26:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
[2011/07/04 10:24:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/04 10:24:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 10:11:34 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-1003.job
[2011/07/04 10:11:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-1003.job
[2011/07/04 10:09:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/04 10:07:08 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-500.job
[2011/07/04 10:06:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/04 10:06:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/07/03 22:42:04 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/03 22:37:35 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 20:11:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
[2011/07/03 17:30:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/03 17:03:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/03 16:52:49 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
[2011/07/03 12:57:19 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
[2011/06/30 11:49:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-500.job
[2011/06/30 09:54:59 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
[2011/06/30 09:49:54 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
[2011/06/30 09:49:43 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
[2011/06/30 09:46:33 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
[2011/06/29 22:13:36 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/29 15:35:41 | 000,002,053 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/29 12:54:24 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
[2011/06/27 20:15:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/27 15:56:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/27 11:43:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 11:43:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 11:29:39 | 002,539,644 | ---- | M] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/23 12:02:22 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 11:57:47 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
[2011/06/22 20:04:57 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
[2011/06/22 19:57:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/22 19:56:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
[2011/06/22 19:56:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
[2011/06/22 19:49:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
[2011/06/21 14:50:38 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/06/20 16:23:20 | 000,002,521 | -H-- | M] () -- C:\Documents and Settings\WEL\Desktop\Microsoft Office Outlook 2007.lnk
[2011/06/19 19:31:12 | 000,073,728 | -H-- | M] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 19:03:55 | 000,579,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/16 18:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 20:24:05 | 000,512,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 20:24:05 | 000,097,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 20:02:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 16:48:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/10 17:34:11 | 000,001,687 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/06/10 17:18:22 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/10 17:18:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/10 17:18:17 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

========== Files Created - No Company Name ==========

[2011/07/03 17:11:07 | 000,001,787 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
[2011/07/03 17:11:07 | 000,001,697 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk
[2011/07/03 17:11:07 | 000,001,687 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/07/03 17:11:06 | 000,001,372 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
[2011/07/03 17:11:06 | 000,000,812 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2011/07/03 17:11:06 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
[2011/07/03 17:11:06 | 000,000,716 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk
[2011/07/03 17:11:06 | 000,000,680 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk
[2011/07/03 17:10:29 | 000,001,803 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Desktop Search.lnk
[2011/07/03 17:10:29 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/03 17:10:29 | 000,000,660 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Xtreme Traffic Arbitrage.lnk
[2011/07/03 17:10:29 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/03 17:10:29 | 000,000,548 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\XTA Deluxe.lnk
[2011/07/03 17:10:28 | 000,002,269 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PhotoPlus X3.lnk
[2011/07/03 17:10:28 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PanoramaPlus 3.lnk
[2011/07/03 17:10:28 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MoviePlus X5.lnk
[2011/07/03 17:10:28 | 000,001,840 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PagePlus X4.lnk
[2011/07/03 17:10:28 | 000,001,836 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif WebPlus X5.lnk
[2011/07/03 17:10:28 | 000,000,745 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MontagePlus 1.0.lnk
[2011/07/03 17:10:28 | 000,000,735 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PopArtPlus 1.0.lnk
[2011/07/03 17:10:27 | 000,002,265 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X3.lnk
[2011/07/03 17:10:27 | 000,002,263 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif DrawPlus X3.lnk
[2011/07/03 17:10:27 | 000,001,986 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/07/03 17:10:27 | 000,001,868 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif Digital Scrapbook Artist.lnk
[2011/07/03 17:10:27 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/07/03 17:10:27 | 000,001,852 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus SE PRO.lnk
[2011/07/03 17:10:27 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X4.lnk
[2011/07/03 17:10:27 | 000,000,932 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
[2011/07/03 17:10:27 | 000,000,821 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif ImpactPlus 5.0.lnk
[2011/07/03 17:10:27 | 000,000,729 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual C# 2008 Express Edition.lnk
[2011/07/03 17:10:26 | 000,002,453 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Communicator 2007.lnk
[2011/07/03 17:10:26 | 000,002,209 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2011/07/03 17:10:26 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/03 17:10:26 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/03 17:10:26 | 000,001,715 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/07/03 17:10:26 | 000,000,696 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
[2011/07/03 17:10:26 | 000,000,676 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\InstantStorm.lnk
[2011/07/03 17:10:25 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/07/03 17:03:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/03 17:03:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/03 16:59:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/03 16:59:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/03 16:59:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/03 16:59:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/03 16:59:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/03 12:58:19 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
[2011/06/30 09:54:59 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
[2011/06/30 09:49:54 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
[2011/06/30 09:49:43 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
[2011/06/30 09:46:32 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
[2011/06/29 22:13:36 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/29 12:54:24 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
[2011/06/27 20:15:46 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/27 20:15:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/27 11:43:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 11:43:35 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 11:43:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/27 11:29:39 | 002,539,644 | ---- | C] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
[2011/06/23 12:02:22 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
[2011/06/22 19:57:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/22 19:56:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
[2011/06/22 19:56:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
[2011/06/21 16:57:16 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/10 17:16:08 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/06/10 17:16:07 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/10 16:25:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/05/19 12:14:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/16 12:23:09 | 000,689,664 | ---- | C] () -- C:\Program Files\MicrosoftFixit50202.msi
[2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/12 15:44:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/25 21:53:21 | 000,293,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/17 17:12:34 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
[2010/10/30 15:12:54 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2010/10/30 15:12:53 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2010/10/10 12:35:11 | 000,137,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/05 21:08:21 | 000,346,012 | ---- | C] () -- C:\WINDOWS\uninstall Fantasy_.exe
[2010/03/03 20:13:44 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2010/03/03 20:13:41 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2010/03/03 20:13:41 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2010/03/03 20:13:40 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2010/02/13 12:18:56 | 000,000,104 | ---- | C] () -- C:\WINDOWS\Library.ini
[2009/12/03 17:43:27 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/12/03 17:43:27 | 000,001,186 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/10/20 12:02:34 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\fusioncache.dat
[2009/10/07 12:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/09 19:02:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/18 12:06:02 | 000,008,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/03/19 12:18:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/13 10:30:08 | 000,112,128 | ---- | C] () -- C:\WINDOWS\PRCENWIN.EXE
[2009/02/13 10:30:08 | 000,000,292 | ---- | C] () -- C:\WINDOWS\PSIONPRC.INI
[2009/02/13 10:29:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\Ode.ini
[2009/02/06 11:19:03 | 000,002,320 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/02 12:53:49 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/02/02 12:52:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/12/17 20:05:47 | 000,100,489 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2008/12/17 20:05:27 | 000,002,644 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/12/08 17:34:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/08 17:34:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/08 17:34:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/08 17:34:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/08 17:30:46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\CopyToGo.dat
[2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/12/07 11:51:14 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/11/14 17:43:39 | 000,302,592 | ---- | C] () -- C:\WINDOWS\mauninst.exe
[2008/11/14 15:43:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SerifAnimation0.dll
[2008/11/14 15:43:06 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\SerifVideo0.dll
[2008/11/14 15:43:06 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\SerifVideoDX0.dll
[2008/11/14 15:43:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SerifDSFiltEnum0.dll
[2008/10/08 15:22:05 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\$_hpcst$.hpc
[2008/10/06 19:41:59 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2008/10/06 19:41:59 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2008/10/06 19:41:58 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2008/07/27 18:37:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2008/07/27 18:37:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2008/07/27 18:36:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/07/27 18:34:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\INTUSB.DAT
[2008/07/27 18:29:42 | 000,002,053 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/07/27 18:29:42 | 000,001,000 | ---- | C] () -- C:\WINDOWS\Intuprof.ini
[2008/07/27 18:29:39 | 000,004,645 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2008/07/21 22:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
[2008/07/21 22:22:47 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2008/07/21 22:22:47 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2008/07/21 22:22:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2008/07/21 22:22:47 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/07/09 18:18:10 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/03 15:26:31 | 000,036,574 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).ADR
[2008/07/03 15:20:24 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).EML
[2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\UMSDIH.DLL
[2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\ReSet.exe
[2008/06/20 10:57:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/06/20 10:55:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/06/20 10:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/06/14 19:07:32 | 000,073,728 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/12 15:04:18 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/12 09:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\meridian.INI
[2008/06/11 20:32:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/06/11 20:31:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/06/10 16:51:56 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/10 16:50:55 | 000,579,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/10 16:03:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/10 15:58:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2007/02/05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/08/16 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/23 18:37:18 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACEncoder.dll
[2006/02/23 17:37:06 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\dsfVorbisDecoder.dll
[2006/02/23 17:36:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dsfOggDemux2.dll
[2006/02/23 17:35:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfOGMDecoder.dll
[2006/02/23 17:35:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfNativeFLACSource.dll
[2006/02/23 17:35:40 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACDecoder.dll
[2006/02/23 17:34:58 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\libFLAC++.dll
[2006/02/23 17:34:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\libFishSound.dll
[2006/02/23 17:34:38 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\libOOOggSeek.dll
[2006/02/23 17:34:26 | 001,108,480 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/02/23 17:34:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\libOOogg.dll
[2006/02/23 17:33:54 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,512,398 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,097,600 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

========== LOP Check ==========

[2010/05/28 19:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ashampoo
[2008/11/11 01:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2008/06/14 19:34:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/03 21:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celartem
[2009/10/06 10:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/08/25 14:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Anarchy
[2008/08/30 20:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/06/10 15:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/05/12 19:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/05/09 19:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2011/03/04 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Engelmann Media
[2011/03/03 21:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Extensis
[2011/02/24 16:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iBaAgAi08200
[2011/03/04 10:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/03/03 11:33:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2011/03/23 20:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MipKukSoft
[2011/05/22 20:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/07/21 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/28 20:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RootsMagic
[2008/06/20 10:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/05/15 15:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2008/12/07 11:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2011/05/08 18:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/02/01 15:53:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2010/09/23 18:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/16 17:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/06/12 16:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B9F9E1D5-C790-4BF3-916E-3090346AFDEB}
[2009/08/29 14:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/05/20 10:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2011/06/08 10:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\PDF Software
[2010/04/02 17:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\111701
[2009/10/14 14:13:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Ashampoo
[2008/07/23 15:24:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Canon
[2009/08/28 14:41:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\ChaosPro
[2008/10/06 19:43:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\CheckPoint
[2009/10/12 19:43:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\CoffeeCup Software
[2010/10/23 17:54:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\DocumentsToGoDesktop
[2011/05/22 20:26:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\DriverCure
[2011/03/04 11:02:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Engelmann Media
[2011/03/03 21:26:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Extensis
[2009/10/12 15:20:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\FileZilla
[2010/04/09 15:46:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\InterVideo
[2008/06/29 15:29:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Konrad Papala
[2011/03/23 20:59:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Kybtec Software
[2008/12/08 17:35:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Leadertech
[2009/10/15 10:03:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\LimeWire
[2009/10/18 19:07:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/10/20 12:02:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\MipKukSoft
[2008/12/07 17:38:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Moyea
[2008/06/12 16:59:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\NCode
[2009/03/04 20:27:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\NetCentrics
[2008/06/28 12:23:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\NewSoft
[2011/01/27 16:46:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Notepad++
[2009/10/12 15:19:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Nvu
[2009/08/01 15:14:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\OLYMPUS
[2009/10/13 16:59:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\OpenOffice.org
[2010/01/19 15:16:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Pantone
[2011/05/22 20:26:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\ParetoLogic
[2011/06/09 10:33:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\PDF Software
[2009/11/05 15:53:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\PersonalBrain
[2010/01/30 13:45:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Quo2
[2010/06/28 20:34:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\RootsMagic
[2008/06/20 10:53:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\ScanSoft
[2009/06/30 20:28:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Scooter Software
[2009/10/09 17:20:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Serif
[2009/10/15 10:03:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\System Tweaker
[2011/01/04 18:54:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Thunderbird
[2011/05/08 18:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Titanium Gears
[2010/02/01 16:46:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Uniblue
[2008/07/03 11:09:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\WEL\Application Data\Windows Desktop Search
[2011/07/04 10:28:18 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job

========== Purity Check ==========



< End of report >

I will send "extras.txt" with my next post.

Thanks
secWEL
 
Hello ken545

Here is "Extras.txt":

OTL Extras logfile created on: 04/07/2011 10:29:45 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.87% Memory free
3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 55.44 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 123.37 Gb Free Space | 91.24% Space Free | Partition Type: NTFS
Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32

Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JESSOPS] -- "D:\Jessops.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F953C2-1934-4D5B-A464-BDA1E883894A}" = Serif PopArtPlus 1.0
"{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.0.9.3 UK Edition
"{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BC44278-1474-47E0-A5D7-E08C017CF024}" = Getting Things Done Outlook Add-In
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
"{30BBE9FD-3D6D-4A32-A1BC-CA5BC8C3C993}" = Serif AlbumPlus X3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394958C2-8036-4385-81F5-B63F221D0DD0}" = InterVideo VirtualDrive
"{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{60A9D3B8-485B-493C-8F2E-FC99177E26A9}_is1" = Clifton StrengthsFinder Screen Saver 1.0
"{614C466C-EB3C-F9A0-B741-C726A81EAD1A}" = Market Samurai
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.6.2.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7070E859-68A6-4539-A629-58B06CBCACD4}" = Serif MoviePlus X3 Resources
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
"{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.0.0)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (Combo)
"{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9F367848-4A9C-4400-A17C-DCDF5C5537B8}" = Serif ImpactPlus 5.0 Resource CD-ROM
"{A2996B98-02BD-4779-93CC-E0A9EA52871F}" = Extensis Portfolio 8.5.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A415C47C-B1E1-4281-85C7-3E8AE2AAA03A}" = Paragon Hard Disk Manager 8.5 Professional
"{A69E9A1C-25C7-8B9B-18C0-3BE530BBEE23}" = Xtreme Traffic Arbitrage
"{A6AA9ABB-B7F8-49D6-9B2B-B7F5B6302D6A}" = Serif AlbumPlus X4
"{A72F9228-6931-4F89-A698-A94CFC4B312F}" = Kybtec World Clock 4.4.2.1
"{A8A42A57-2320-464B-9F5D-3F85089C4714}" = Serif MontagePlus 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Resources
"{A97C9EA2-8D23-412A-B9B4-146CEABE7A61}" = Serif Premium Template Pack for PagePlus
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACB7D6F2-71A2-44A3-A703-550FA65679D9}" = Guardian PC Security Tools
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AF6841FE-7A9D-45C1-ACE8-1BE7F2F6A027}" = ArcSoft TotalMedia Extreme
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BB8D0355-654B-4B6E-8D38-E61D2BB81EF8}" = SafeNSecure $TRIALSTR$
"{BBB567E6-73B5-40B1-B46C-9B13DA13A3A5}" = Serif ImpactPlus 5.0
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F6900E-AA65-4200-A62D-E917C6F67107}" = Serif DrawPlus X3 Resources
"{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}" = Serif Digital Scrapbook Artist
"{D5B2EBB1-F7D0-4F3E-A549-FEC4EFA81A6A}" = USB Disk Tool
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E01DFD45-F13A-4F12-AC38-8EEE2163E52E}" = Omron Health Management Software
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{EE070961-CDEB-4C73-BF95-D68B68C6129D}" = Quo v2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FD1B2E34-D0B7-4E8C-8CB9-435F545C776C}" = Serif DrawPlus X3
"{FE8E1858-8E73-4ACD-0001-393419DB8F1B}" = MyTube BigPack 4 HD
"{FF01F58F-A8B3-E2BD-45EB-E9CF29BC0B38}" = XTA Deluxe
"1190-3857-8766-9166" = PersonalBrain 5
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Chess School" = Advanced Chess School
"alotToolbar" = ALOT Toolbar
"ArtStudioProEssentials_is1" = ArtStudioProEssentials
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Ashampoo Core Tuner_is1" = Ashampoo Core Tuner 1.20
"Ashampoo HDD Control_is1" = Ashampoo HDD Control 1.11
"Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3.20
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"Ashampoo Magical Snap 2_is1" = Ashampoo Magical Snap 2.40
"Ashampoo PowerUp 3_is1" = Ashampoo PowerUp 3.23
"Ashampoo Slideshow Studio 2010_is1" = Ashampoo Slideshow Studio 2010
"Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
"Ashampoo UnInstaller 4_is1" = Ashampoo UnInstaller 4.04
"Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Belarc Advisor" = Belarc Advisor 8.2
"Bibble Pro" = Bibble Pro
"Brain Bullet 2.0" = Brain Bullet 2.0
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"Business Dashboard 2.5" = Business Dashboard 2.5
"Canon iP6700D User Registration" = Canon iP6700D User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CD Data Rescue_is1" = CD Data Rescue 2.6
"ChaosPro 3.3" = ChaosPro 3.3
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.adobe.example.love.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = Xtreme Traffic Arbitrage
"com.adobe.example.lovee.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = XTA Deluxe
"DAO 3.5" = DAO 3.5
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DTGDesktop" = Documents To Go Desktop for iPhone
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Fantasy Universe Screensaver" = Fantasy Universe Screensaver
"FileZilla Client" = FileZilla Client 3.2.8.1
"GanttProject" = GanttProject
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GraphicView 32" = GraphicView 32
"Hardware Helper_is1" = Hardware Helper
"Harry's Filters_is1" = Harry's Filters 3.01
"huey_is1" = hueyPRO 1.5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
"InstallShield_{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InstantStorm_is1" = InstantStorm 1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Virtual Technician" = McAfee Virtual Technician
"MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSC" = BT NetProtect Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Nvu_is1" = Nvu 1.0PR
"PCI Audio Driver" = PCI Audio Driver
"PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Quicken Deluxe 2000" = Quicken Deluxe 2000
"RealPlayer 12.0" = RealPlayer
"SafeNSecure Password Manager" = SafeNSecure Password Manager
"ShareScope Gold" = ShareScope Gold
"ST6UNST #1" = uolmsDiag install
"Success Manager Pro_is1" = Success Manager Pro
"Taskimizer_is1" = Taskimizer
"The Action Machine_is1" = The Action Machine
"VB Decompiler Lite_is1" = VB Decompiler Lite
"VertusFluidMaskLite" = Vertus Fluid Mask Lite 1.0.2
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Wipe" = Web Wipe
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.12.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeyondCompare3_is1" = Beyond Compare Version 3.1.4
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/07/2011 04:26:15 | Computer Name = AMD2-3A4FB6A446 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 04/07/2011 05:16:58 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1000
Description = Faulting application McSvHost.exe, version 1.5.109.0, faulting module
HWAPI.dll, version 11.5.109.0, fault address 0x0001a0f5.

Error - 04/07/2011 05:17:15 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1001
Description = Fault bucket 1965432135.

[ OSession Events ]
Error - 01/04/2010 15:22:00 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39566
seconds with 7080 seconds of active time. This session ended with a crash.

Error - 27/08/2010 06:50:42 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 419
seconds with 360 seconds of active time. This session ended with a crash.

Error - 13/10/2010 06:40:02 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
seconds with 60 seconds of active time. This session ended with a crash.

Error - 02/11/2010 14:11:50 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24780
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 16/11/2010 13:54:17 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29426
seconds with 4620 seconds of active time. This session ended with a crash.

Error - 23/02/2011 13:20:47 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1155
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 04/03/2011 17:10:39 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 36226
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 06/05/2011 12:07:35 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 387
seconds with 240 seconds of active time. This session ended with a crash.

Error - 19/06/2011 11:46:12 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3300
seconds with 120 seconds of active time. This session ended with a crash.

Error - 01/07/2011 16:12:28 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 40201
seconds with 3060 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/07/2011 05:04:07 | Computer Name = AMD2-3A4FB6A446 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2

Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 04/07/2011 05:08:01 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
archlp

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >

Thanks
secWEL
 
Hi,

The alerts and errors you're getting are related to McAfee; you may want to uninstall that program and reinstall it.



Backup Your Registry with ERUNT:
  • Download erunt.zip to your Desktop from here:
    http://aumha.org/downloads/erunt.zip
  • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
  • Inside the new folder, double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
    IE - HKU\S-1-5-21-329068152-1637723038-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
    FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
    FF - prefs.js..keyword.URL: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q="
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 
Hi ken545

Reports:

First OTL report using your code:
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://search.alot.com/web?&src_id=11031&client_id=ba146d35986fdc88e6195cb8&camp_id=38&install_time=2009-08-11T13:33:28Z&tb_version=2.4.11000%28F%29&pr=auto&q=" removed from keyword.URL
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\WEL\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\WEL\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.AMD2-3A4FB6A446
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.AMD2-3A4FB6A446.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: WEL
->Temp folder emptied: 2212624 bytes
->Temporary Internet Files folder emptied: 2710856 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37991656 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 810 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108728235 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 145.00 mb


OTL by OldTimer - Version 3.2.25.0 log created on 07042011_143807

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_edc.dat moved successfully.
C:\Documents and Settings\WEL\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...

The reports from the scan will be in the next two posts.


Thanks secWEL
 
Hello again

The OTL.txt file:

OTL logfile created on: 04/07/2011 14:52:43 - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 59.60% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 55.45 Gb Free Space | 56.78% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 123.36 Gb Free Space | 91.23% Space Free | Partition Type: NTFS
Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32

Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe (Alcatel-Lucent)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe ()
PRC - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
PRC - D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
PRC - D:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
PRC - D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
PRC - C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\WEL\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)
MOD - D:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (Automatic LiveUpdate Scheduler) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (AshampooDefragService) -- C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe ( )
SRV - (AntiSpy Server) -- D:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe (Boomerang Software, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (bgsvcgen) -- C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\EPSON\ESM2\eEBSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (LVUVC) Logitech Webcam Pro 9000(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (iviVD) -- C:\WINDOWS\system32\DRIVERS\iviVD.sys (InterVideo)
DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech Inc.)
DRV - (LUsbKbd) -- C:\WINDOWS\system32\drivers\LUsbKbd.sys (Logitech Inc.)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (USBSNXSTOR) -- C:\WINDOWS\system32\drivers\USBSNX2K.SYS ( )
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/...s/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.3.0
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {eca3ccd6-0f7d-11de-9997-000347bb5186}:1.07
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/25 10:35:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/26 19:07:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 11:43:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 20:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/26 19:07:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions
[2011/01/04 18:55:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/30 20:12:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions
[2010/04/28 14:52:27 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/23 11:53:45 | 000,000,000 | -H-D | M] (Minimap Addon) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2011/06/27 13:53:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/27 13:53:37 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011/05/09 10:40:54 | 000,000,000 | -H-D | M] (Vouchers.Im Indicator) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\{eca3ccd6-0f7d-11de-9997-000347bb5186}
[2011/03/21 21:13:03 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\engine@conduit.com
[2011/06/21 18:55:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\foxyproxy@eric.h.jung
[2011/03/13 10:10:58 | 000,000,000 | -H-D | M] (Personas) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\personas@christopher.beard
[2011/06/30 19:25:28 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\extensions\toolbar@alot.com
[2011/06/22 14:40:23 | 000,002,093 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search-1.xml
[2009/08/11 14:34:24 | 000,002,101 | -H-- | M] () -- C:\Documents and Settings\WEL\Application Data\Mozilla\Firefox\Profiles\y8lt4gvi.default\searchplugins\alot-search.xml
[2011/06/27 11:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 12:10:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/05/07 19:17:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/06 12:42:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/07 18:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/06 17:46:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/07 10:21:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\WEL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y8LT4GVI.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2010/04/07 09:44:22 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/04 14:38:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110511113155.dll (McAfee, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyA2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Ashampoo Core Tuner] D:\Program Files\Ashampoo\Ashampoo Core Tuner\ct.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [Ashampoo HDD Control Guard] D:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [OpwareSE4] D:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDUiP6700DMon] C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe (CANON INC.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Disk Tool] D:\Program Files\USB Disk Tool\USNDISKT.EXE ( )
O4 - HKCU..\Run: [BrainBullet] c:\Program Files\BrainBullet\Brain Bullet.exe ()
O4 - HKCU..\Run: [GTV GlobalIM] D:\Program Files\Business Dashboard\global.im.exe (GTV Solutions, Inc.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [OM_Monitor] D:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [UIWatcher] D:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe (ashampoo GmbH & Co. KG)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk = C:\Program Files\BrainBullet\BBStartup.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\quickenw\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk = D:\Program Files\Pantone\hueyPRO\hueyPROTray.exe (Pantone & X-Rite)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\Corel\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk = D:\Program Files\Extensis\Portfolio 8.5\Portfolio Express.exe (Extensis, Inc.)
O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\WEL\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: ("C:\PROGRA~1\GOOGLE\GOOGLE DESKTOP SEARCH\GOOGLEDESKTOPNETWORK3.DLL") - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 16:01:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/17 19:05:20 | 000,000,000 | ---D | M] - W:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 14:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/04 14:07:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/04 10:26:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
[2011/07/03 22:36:45 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 20:49:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/03 20:11:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
[2011/07/03 17:03:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/03 16:59:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/03 16:59:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/03 16:59:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/03 16:59:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/03 16:46:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/03 16:39:38 | 004,130,135 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
[2011/07/02 15:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/07/02 15:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Desktop\7-Zip
[2011/06/24 21:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Security 201106
[2011/06/23 12:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/23 12:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/23 11:57:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
[2011/06/22 20:04:50 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
[2011/06/22 20:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/22 19:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/06/22 19:49:38 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
[2011/06/21 16:57:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/21 16:31:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\WEL\Recent
[2011/06/21 14:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WEL\Application Data\McAfee
[2011/06/19 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2011/06/15 16:54:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/12 10:26:15 | 000,000,000 | ---D | C] -- C:\Program Files\alot
[2011/06/10 17:16:07 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220150.dll
[2011/06/10 17:16:07 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322090.dll
[2011/06/10 15:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011/06/10 15:56:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverBoost
[2011/06/06 17:27:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2008/06/30 19:28:28 | 000,053,083 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\USBSNX2K.SYS

========== Files - Modified Within 30 Days ==========

[2011/07/04 14:48:53 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-1003.job
[2011/07/04 14:48:39 | 000,000,388 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{81C2EF70-E002-4EE1-9F6E-E49E9C3510BC}.job
[2011/07/04 14:48:09 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-1003.job
[2011/07/04 14:48:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/04 14:43:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 14:43:38 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1637723038-725345543-500.job
[2011/07/04 14:43:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/04 14:43:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/07/04 14:38:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/04 14:24:31 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/04 13:54:37 | 000,002,521 | -H-- | M] () -- C:\Documents and Settings\WEL\Desktop\Microsoft Office Outlook 2007.lnk
[2011/07/04 12:11:15 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to EXCEL.EXE.lnk
[2011/07/04 10:26:38 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\OTL.exe
[2011/07/03 22:42:04 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/03 22:37:35 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WEL\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/03 20:11:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WEL\Desktop\TFC.exe
[2011/07/03 17:03:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/07/03 16:52:49 | 004,130,135 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\ComboFix.exe
[2011/07/03 12:57:19 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
[2011/06/30 11:49:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1637723038-725345543-500.job
[2011/06/30 09:54:59 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
[2011/06/30 09:49:54 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
[2011/06/30 09:49:43 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
[2011/06/30 09:46:33 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
[2011/06/29 22:13:36 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/29 15:35:41 | 000,002,053 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/29 12:54:24 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
[2011/06/27 20:15:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/27 15:56:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/27 11:43:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 11:43:35 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 11:29:39 | 002,539,644 | ---- | M] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/23 12:02:22 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 11:57:47 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\WEL\Desktop\spybotsd162.exe
[2011/06/22 20:04:57 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\WEL\Desktop\dds.scr
[2011/06/22 19:57:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/22 19:56:25 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
[2011/06/22 19:56:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
[2011/06/22 19:49:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\WEL\Desktop\erunt-setup.exe
[2011/06/21 14:50:38 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/06/19 19:31:12 | 000,073,728 | -H-- | M] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/19 19:03:55 | 000,579,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/16 18:03:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 20:24:05 | 000,512,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 20:24:05 | 000,097,600 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 20:02:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 16:48:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/10 17:34:11 | 000,001,687 | -H-- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/06/10 17:18:22 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/10 17:18:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/10 17:18:17 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

========== Files Created - No Company Name ==========

[2011/07/04 12:11:15 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to EXCEL.EXE.lnk
[2011/07/03 17:11:07 | 000,001,787 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
[2011/07/03 17:11:07 | 000,001,697 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Portfolio Express 8.5.lnk
[2011/07/03 17:11:07 | 000,001,687 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011/07/03 17:11:06 | 000,001,372 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
[2011/07/03 17:11:06 | 000,000,812 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2011/07/03 17:11:06 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Background Monitor.lnk
[2011/07/03 17:11:06 | 000,000,716 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BBStartup.lnk.lnk
[2011/07/03 17:11:06 | 000,000,680 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hueyPROTray.lnk
[2011/07/03 17:10:29 | 000,001,803 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Desktop Search.lnk
[2011/07/03 17:10:29 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/07/03 17:10:29 | 000,000,660 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Xtreme Traffic Arbitrage.lnk
[2011/07/03 17:10:29 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/03 17:10:29 | 000,000,548 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\XTA Deluxe.lnk
[2011/07/03 17:10:28 | 000,002,269 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PhotoPlus X3.lnk
[2011/07/03 17:10:28 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PanoramaPlus 3.lnk
[2011/07/03 17:10:28 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MoviePlus X5.lnk
[2011/07/03 17:10:28 | 000,001,840 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PagePlus X4.lnk
[2011/07/03 17:10:28 | 000,001,836 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif WebPlus X5.lnk
[2011/07/03 17:10:28 | 000,000,745 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif MontagePlus 1.0.lnk
[2011/07/03 17:10:28 | 000,000,735 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif PopArtPlus 1.0.lnk
[2011/07/03 17:10:27 | 000,002,265 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X3.lnk
[2011/07/03 17:10:27 | 000,002,263 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif DrawPlus X3.lnk
[2011/07/03 17:10:27 | 000,001,986 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/07/03 17:10:27 | 000,001,868 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif Digital Scrapbook Artist.lnk
[2011/07/03 17:10:27 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/07/03 17:10:27 | 000,001,852 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus SE PRO.lnk
[2011/07/03 17:10:27 | 000,001,844 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif AlbumPlus X4.lnk
[2011/07/03 17:10:27 | 000,000,932 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
[2011/07/03 17:10:27 | 000,000,821 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Serif ImpactPlus 5.0.lnk
[2011/07/03 17:10:27 | 000,000,729 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual C# 2008 Express Edition.lnk
[2011/07/03 17:10:26 | 000,002,453 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Communicator 2007.lnk
[2011/07/03 17:10:26 | 000,002,209 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2011/07/03 17:10:26 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/03 17:10:26 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/03 17:10:26 | 000,001,715 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/07/03 17:10:26 | 000,000,696 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Market Samurai.lnk
[2011/07/03 17:10:26 | 000,000,676 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\InstantStorm.lnk
[2011/07/03 17:10:25 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/07/03 17:03:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/07/03 17:03:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/03 16:59:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/03 16:59:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/03 16:59:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/03 16:59:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/03 16:59:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/03 12:58:19 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\CKScanner.exe
[2011/06/30 09:54:59 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to scalc.lnk
[2011/06/30 09:49:54 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to swriter.lnk
[2011/06/30 09:49:43 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to smath.lnk
[2011/06/30 09:46:32 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OpenOffice.org 3.lnk
[2011/06/29 22:13:36 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to OUTLOOK.lnk
[2011/06/29 12:54:24 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Shortcut to iexplore.lnk
[2011/06/27 20:15:46 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/27 20:15:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/27 11:43:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\WEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/27 11:43:35 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/27 11:43:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/27 11:29:39 | 002,539,644 | ---- | C] () -- C:\Documents and Settings\WEL\My Documents\Set up site in 60min.pdf
[2011/06/23 12:02:22 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\Spybot - Search & Destroy.lnk
[2011/06/22 19:57:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\WEL\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/06/22 19:56:25 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\NTREGOPT.lnk
[2011/06/22 19:56:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\WEL\Desktop\ERUNT.lnk
[2011/06/21 16:57:16 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/10 17:16:08 | 000,003,249 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/06/10 17:16:07 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/10 16:25:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/05/19 12:14:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/05/16 12:23:09 | 000,689,664 | ---- | C] () -- C:\Program Files\MicrosoftFixit50202.msi
[2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/12 15:44:54 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/12 15:44:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/04/01 04:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/03/25 21:53:21 | 000,293,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/17 17:12:34 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
[2010/10/30 15:12:54 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2010/10/30 15:12:53 | 000,308,224 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2010/10/10 12:35:11 | 000,137,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/05 21:08:21 | 000,346,012 | ---- | C] () -- C:\WINDOWS\uninstall Fantasy_.exe
[2010/03/03 20:13:44 | 000,011,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\UimFIO.sys
[2010/03/03 20:13:41 | 004,245,008 | ---- | C] () -- C:\WINDOWS\System32\qtp-mt334.dll
[2010/03/03 20:13:41 | 000,247,824 | ---- | C] () -- C:\WINDOWS\System32\prgiso.dll
[2010/03/03 20:13:40 | 000,013,840 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2010/02/13 12:18:56 | 000,000,104 | ---- | C] () -- C:\WINDOWS\Library.ini
[2009/12/03 17:43:27 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2009/12/03 17:43:27 | 000,001,186 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/10/20 12:02:34 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\fusioncache.dat
[2009/10/07 12:22:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/09 19:02:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/18 12:06:02 | 000,008,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/03/19 12:18:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/02/13 10:30:08 | 000,112,128 | ---- | C] () -- C:\WINDOWS\PRCENWIN.EXE
[2009/02/13 10:30:08 | 000,000,292 | ---- | C] () -- C:\WINDOWS\PSIONPRC.INI
[2009/02/13 10:29:35 | 000,001,024 | ---- | C] () -- C:\WINDOWS\Ode.ini
[2009/02/06 11:19:03 | 000,002,320 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/02 12:53:49 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/02/02 12:52:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/12/17 20:05:47 | 000,100,489 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2008/12/17 20:05:27 | 000,002,644 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/12/08 17:34:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/12/08 17:34:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/12/08 17:34:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/12/08 17:34:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/12/08 17:34:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/08 17:30:46 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\CopyToGo.dat
[2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/12/07 11:51:14 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/12/07 11:51:14 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/11/14 17:43:39 | 000,302,592 | ---- | C] () -- C:\WINDOWS\mauninst.exe
[2008/11/14 15:43:07 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SerifAnimation0.dll
[2008/11/14 15:43:06 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\SerifVideo0.dll
[2008/11/14 15:43:06 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\SerifVideoDX0.dll
[2008/11/14 15:43:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SerifDSFiltEnum0.dll
[2008/10/08 15:22:05 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\$_hpcst$.hpc
[2008/10/06 19:41:59 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2008/10/06 19:41:59 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2008/10/06 19:41:58 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2008/07/27 18:37:40 | 000,000,030 | ---- | C] () -- C:\WINDOWS\INTURS.DAT
[2008/07/27 18:37:35 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2008/07/27 18:36:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/07/27 18:36:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/07/27 18:34:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\INTUSB.DAT
[2008/07/27 18:29:42 | 000,002,053 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/07/27 18:29:42 | 000,001,000 | ---- | C] () -- C:\WINDOWS\Intuprof.ini
[2008/07/27 18:29:39 | 000,004,645 | ---- | C] () -- C:\WINDOWS\icoadb32.dat
[2008/07/21 22:28:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
[2008/07/21 22:22:47 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2008/07/21 22:22:47 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2008/07/21 22:22:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2008/07/21 22:22:47 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2008/07/16 23:35:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/07/09 18:18:10 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/03 15:26:31 | 000,036,574 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).ADR
[2008/07/03 15:20:24 | 000,020,000 | -H-- | C] () -- C:\Documents and Settings\WEL\Application Data\Comma Separated Values (Windows).EML
[2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\UMSDIH.DLL
[2008/06/30 19:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\ReSet.exe
[2008/06/20 10:57:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2008/06/20 10:55:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/06/20 10:53:50 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/06/14 19:07:32 | 000,073,728 | -H-- | C] () -- C:\Documents and Settings\WEL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/12 15:04:18 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/12 09:58:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\meridian.INI
[2008/06/11 20:32:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/06/11 20:31:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/06/10 16:51:56 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/10 16:50:55 | 000,579,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/10 16:03:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/10 15:58:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2007/02/05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/08/16 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/23 18:37:18 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACEncoder.dll
[2006/02/23 17:37:06 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\dsfVorbisDecoder.dll
[2006/02/23 17:36:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dsfOggDemux2.dll
[2006/02/23 17:35:56 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfOGMDecoder.dll
[2006/02/23 17:35:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsfNativeFLACSource.dll
[2006/02/23 17:35:40 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\dsfFLACDecoder.dll
[2006/02/23 17:34:58 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\libFLAC++.dll
[2006/02/23 17:34:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\libFishSound.dll
[2006/02/23 17:34:38 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\libOOOggSeek.dll
[2006/02/23 17:34:26 | 001,108,480 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/02/23 17:34:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\libOOogg.dll
[2006/02/23 17:33:54 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,512,398 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,097,600 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/19 16:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 16:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL

< End of report >

I will send the other file in the next post.

Regards
secWEL
 
Hi

The OTL Extras file:

OTL Extras logfile created on: 04/07/2011 10:29:45 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\WEL\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.87% Memory free
3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 55.44 Gb Free Space | 56.77% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 123.37 Gb Free Space | 91.24% Space Free | Partition Type: NTFS
Drive G: | 53.09 Gb Total Space | 53.02 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 40.73 Gb Free Space | 83.41% Space Free | Partition Type: NTFS
Drive I: | 9.77 Gb Total Space | 8.33 Gb Free Space | 85.32% Space Free | Partition Type: NTFS
Drive J: | 9.77 Gb Total Space | 9.75 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive K: | 9.77 Gb Total Space | 9.35 Gb Free Space | 95.69% Space Free | Partition Type: NTFS
Drive L: | 9.77 Gb Total Space | 9.45 Gb Free Space | 96.76% Space Free | Partition Type: NTFS
Drive M: | 9.77 Gb Total Space | 9.71 Gb Free Space | 99.47% Space Free | Partition Type: NTFS
Drive N: | 78.12 Gb Total Space | 74.66 Gb Free Space | 95.57% Space Free | Partition Type: NTFS
Drive O: | 4.88 Gb Total Space | 4.86 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
Drive W: | 465.65 Gb Total Space | 346.90 Gb Free Space | 74.50% Space Free | Partition Type: FAT32

Computer Name: AMD2-3A4FB6A446 | User Name: WEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JESSOPS] -- "D:\Jessops.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)
"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F953C2-1934-4D5B-A464-BDA1E883894A}" = Serif PopArtPlus 1.0
"{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.0.9.3 UK Edition
"{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D" = Canon iP6700D
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BC44278-1474-47E0-A5D7-E08C017CF024}" = Getting Things Done Outlook Add-In
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
"{30BBE9FD-3D6D-4A32-A1BC-CA5BC8C3C993}" = Serif AlbumPlus X3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394958C2-8036-4385-81F5-B63F221D0DD0}" = InterVideo VirtualDrive
"{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = DVD Copy
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{60A9D3B8-485B-493C-8F2E-FC99177E26A9}_is1" = Clifton StrengthsFinder Screen Saver 1.0
"{614C466C-EB3C-F9A0-B741-C726A81EAD1A}" = Market Samurai
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{64893BC9-D912-4A2D-A47A-E38650112781}" = Serif PanoramaPlus 3
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.6.2.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7070E859-68A6-4539-A629-58B06CBCACD4}" = Serif MoviePlus X3 Resources
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}" = Serif WebPlus X5
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}" = SigmaTel MSCN Audio Player
"{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.0.0)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo XPack (Combo)
"{93C40A12-0098-46B1-972E-E8083686A7A0}" = Serif MoviePlus X5
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{9F367848-4A9C-4400-A17C-DCDF5C5537B8}" = Serif ImpactPlus 5.0 Resource CD-ROM
"{A2996B98-02BD-4779-93CC-E0A9EA52871F}" = Extensis Portfolio 8.5.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A415C47C-B1E1-4281-85C7-3E8AE2AAA03A}" = Paragon Hard Disk Manager 8.5 Professional
"{A69E9A1C-25C7-8B9B-18C0-3BE530BBEE23}" = Xtreme Traffic Arbitrage
"{A6AA9ABB-B7F8-49D6-9B2B-B7F5B6302D6A}" = Serif AlbumPlus X4
"{A72F9228-6931-4F89-A698-A94CFC4B312F}" = Kybtec World Clock 4.4.2.1
"{A8A42A57-2320-464B-9F5D-3F85089C4714}" = Serif MontagePlus 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Resources
"{A97C9EA2-8D23-412A-B9B4-146CEABE7A61}" = Serif Premium Template Pack for PagePlus
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACB7D6F2-71A2-44A3-A703-550FA65679D9}" = Guardian PC Security Tools
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AF6841FE-7A9D-45C1-ACE8-1BE7F2F6A027}" = ArcSoft TotalMedia Extreme
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"{BB8D0355-654B-4B6E-8D38-E61D2BB81EF8}" = SafeNSecure $TRIALSTR$
"{BBB567E6-73B5-40B1-B46C-9B13DA13A3A5}" = Serif ImpactPlus 5.0
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F6900E-AA65-4200-A62D-E917C6F67107}" = Serif DrawPlus X3 Resources
"{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}" = Serif Digital Scrapbook Artist
"{D5B2EBB1-F7D0-4F3E-A549-FEC4EFA81A6A}" = USB Disk Tool
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E01DFD45-F13A-4F12-AC38-8EEE2163E52E}" = Omron Health Management Software
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{EE070961-CDEB-4C73-BF95-D68B68C6129D}" = Quo v2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FD1B2E34-D0B7-4E8C-8CB9-435F545C776C}" = Serif DrawPlus X3
"{FE8E1858-8E73-4ACD-0001-393419DB8F1B}" = MyTube BigPack 4 HD
"{FF01F58F-A8B3-E2BD-45EB-E9CF29BC0B38}" = XTA Deluxe
"1190-3857-8766-9166" = PersonalBrain 5
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Chess School" = Advanced Chess School
"alotToolbar" = ALOT Toolbar
"ArtStudioProEssentials_is1" = ArtStudioProEssentials
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Ashampoo Core Tuner_is1" = Ashampoo Core Tuner 1.20
"Ashampoo HDD Control_is1" = Ashampoo HDD Control 1.11
"Ashampoo Internet Accelerator 3_is1" = Ashampoo Internet Accelerator 3.20
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"Ashampoo Magical Snap 2_is1" = Ashampoo Magical Snap 2.40
"Ashampoo PowerUp 3_is1" = Ashampoo PowerUp 3.23
"Ashampoo Slideshow Studio 2010_is1" = Ashampoo Slideshow Studio 2010
"Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
"Ashampoo UnInstaller 4_is1" = Ashampoo UnInstaller 4.04
"Ashampoo WinOptimizer 2009 Advanced_is1" = Ashampoo WinOptimizer 2009 Advanced
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Belarc Advisor" = Belarc Advisor 8.2
"Bibble Pro" = Bibble Pro
"Brain Bullet 2.0" = Brain Bullet 2.0
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"BT Yahoo! Applications" = BT Yahoo! Applications
"Business Dashboard 2.5" = Business Dashboard 2.5
"Canon iP6700D User Registration" = Canon iP6700D User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CD Data Rescue_is1" = CD Data Rescue 2.6
"ChaosPro 3.3" = ChaosPro 3.3
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.adobe.example.love.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = Xtreme Traffic Arbitrage
"com.adobe.example.lovee.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = XTA Deluxe
"DAO 3.5" = DAO 3.5
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DTGDesktop" = Documents To Go Desktop for iPhone
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Fantasy Universe Screensaver" = Fantasy Universe Screensaver
"FileZilla Client" = FileZilla Client 3.2.8.1
"GanttProject" = GanttProject
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GraphicView 32" = GraphicView 32
"Hardware Helper_is1" = Hardware Helper
"Harry's Filters_is1" = Harry's Filters 3.01
"huey_is1" = hueyPRO 1.5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D44AD63-8061-41A8-BCCD-23B7117E3C14}" = Corel DVD Copy 6
"InstallShield_{87C51198-5A95-4577-9F47-B953D862FA90}" = EPSON Status Monitor 2
"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master
"InstantStorm_is1" = InstantStorm 1.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Virtual Technician" = McAfee Virtual Technician
"MCU PDUiP6700DMon.exe" = Canon iP6700D Memory Card Utility
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSC" = BT NetProtect Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Nvu_is1" = Nvu 1.0PR
"PCI Audio Driver" = PCI Audio Driver
"PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Quicken Deluxe 2000" = Quicken Deluxe 2000
"RealPlayer 12.0" = RealPlayer
"SafeNSecure Password Manager" = SafeNSecure Password Manager
"ShareScope Gold" = ShareScope Gold
"ST6UNST #1" = uolmsDiag install
"Success Manager Pro_is1" = Success Manager Pro
"Taskimizer_is1" = Taskimizer
"The Action Machine_is1" = The Action Machine
"VB Decompiler Lite_is1" = VB Decompiler Lite
"VertusFluidMaskLite" = Vertus Fluid Mask Lite 1.0.2
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Wipe" = Web Wipe
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMerge_is1" = WinMerge 2.12.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-1637723038-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeyondCompare3_is1" = Beyond Compare Version 3.1.4
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/07/2011 04:26:15 | Computer Name = AMD2-3A4FB6A446 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 04/07/2011 05:16:58 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1000
Description = Faulting application McSvHost.exe, version 1.5.109.0, faulting module
HWAPI.dll, version 11.5.109.0, fault address 0x0001a0f5.

Error - 04/07/2011 05:17:15 | Computer Name = AMD2-3A4FB6A446 | Source = Application Error | ID = 1001
Description = Fault bucket 1965432135.

[ OSession Events ]
Error - 01/04/2010 15:22:00 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 39566
seconds with 7080 seconds of active time. This session ended with a crash.

Error - 27/08/2010 06:50:42 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 419
seconds with 360 seconds of active time. This session ended with a crash.

Error - 13/10/2010 06:40:02 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 119
seconds with 60 seconds of active time. This session ended with a crash.

Error - 02/11/2010 14:11:50 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24780
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 16/11/2010 13:54:17 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29426
seconds with 4620 seconds of active time. This session ended with a crash.

Error - 23/02/2011 13:20:47 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1155
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 04/03/2011 17:10:39 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 36226
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 06/05/2011 12:07:35 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 387
seconds with 240 seconds of active time. This session ended with a crash.

Error - 19/06/2011 11:46:12 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3300
seconds with 120 seconds of active time. This session ended with a crash.

Error - 01/07/2011 16:12:28 | Computer Name = AMD2-3A4FB6A446 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 40201
seconds with 3060 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/07/2011 05:04:07 | Computer Name = AMD2-3A4FB6A446 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2

Error - 04/07/2011 05:07:29 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 04/07/2011 05:08:01 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
archlp

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 04/07/2011 05:17:33 | Computer Name = AMD2-3A4FB6A446 | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >

I will reload McAfee and delete the Ashampoo toolbar; I do not know who Conduit are.

Question: Do you ever sleep? Your replies come so quickly that I suspect you're always awake.

Many thanks
secWEL
 
Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808
    
    
    :Services
    nlwkxq
    
    :Reg
    
    :Files
    c:\windows\system32\drivers\oxrsavq.sys 
    c:\program files\alot
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
 