PC has viruses

vista890

Member
Hi, our PC security has just detected 2 viruses, forgotten what they were called as I deleted them straight off. I've just been doing searches using Google, click on the search that I want and it's taking me to totally different pages.
My security has blocked 3 programs since this has happened; they are: KLitehF Setup u, WBKLiteG1 Setup n, and cKLitewi Setup. I have no idea what these are.
I'm currently running the Malwarebytes scan (which has already detected 9 infected objects). Is there anything else I should do before posting the results? Thanks
 

Hello vista890 and welcome to the forums :party:

Can you do the following for me please:

CKScanner

Please download CKScanner from here to your Desktop.

Make sure that CKScanner.exe is on your Desktop before running the application!

Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file was saved.
Attach the log CKFiles.txt that has been created on your desktop with your next post.

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Please attach both OTL.txt and Extras.txt with your next post for me to analyse

Tom
 

Hi, thanks so much for helping :) I've done the OTL scan, the results of this are below. I've tried to do the CKScanner one but it just keeps saying 'not responding' every time I click on Search For Files :confused:


OTL logfile created on: 06/06/2011 22:26:33 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Carol\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 33.44% Memory free
3.98 Gb Paging File | 1.83 Gb Available in Paging File | 45.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.40 Gb Total Space | 22.11 Gb Free Space | 10.03% Space Free | Partition Type: NTFS
Drive D: | 12.48 Gb Total Space | 1.67 Gb Free Space | 13.36% Space Free | Partition Type: NTFS

Computer Name: PUTER2 | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Carol\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\Carol\Desktop\CKScanner (5).exe ()
PRC - C:\Users\Carol\AppData\Local\Temp\Gmm.exe (Simon Tatham)
PRC - C:\Users\Carol\AppData\Local\Temp\Gmd.exe (Simon Tatham)
PRC - C:\WINDOWS\Gpykia.exe (Simon Tatham)
PRC - C:\Users\Carol\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\WINDOWS\KMService.exe ()
PRC - C:\WINDOWS\System32\srvany.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Virgin Media\Security\RPS.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Security\Fws.exe (Virgin Media)
PRC - C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Carol\Desktop\OTL (1).exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMSAccessU) -- File not found
SRV - (IDriverT) -- File not found
SRV - (KMService) -- C:\WINDOWS\System32\srvany.exe ()
SRV - (scan) -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll (S.C. BitDefender S.R.L)
SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Radialpoint Security Services) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
SRV - (RP_FWS) -- C:\Program Files\Virgin Media\Security\Fws.exe (Virgin Media)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (RadialpointIDSAgent) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
SRV - (ezSharedSvc) -- C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\System32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (acedrv11) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys (BitDefender S.R.L.)
DRV - (RadialpointIDSDriver) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )
DRV - (RadialpointIDSFilter) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )
DRV - (RadialpointIDSShim) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )
DRV - (RadialpointIDSEH) -- C:\Windows\system32\drivers\AVGIDSEH.sys (AVG Technologies )
DRV - (bdfsfltr) -- C:\Windows\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (mcdbus) -- C:\WINDOWS\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (AFGSp50) -- C:\WINDOWS\System32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/30 01:35:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/19 18:17:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 08:21:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 21:52:59 | 000,000,000 | ---D | M]

[2010/08/10 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions
[2010/08/10 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/20 17:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/03/21 15:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Firefox\Profiles\zknkrr93.default\extensions
[2010/08/11 11:19:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carol\AppData\Roaming\mozilla\Firefox\Profiles\zknkrr93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/24 20:04:56 | 000,001,832 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\zknkrr93.default\searchplugins\bing.xml
[2011/02/24 17:50:07 | 000,002,374 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\zknkrr93.default\searchplugins\search.xml
[2011/03/24 09:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 08:21:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/15 20:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/17 11:01:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/03/30 19:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/05/14 20:29:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 09:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 14:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/11 09:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 19:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/01/23 16:52:13 | 000,000,000 | ---D | M] (Facemoods) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/05/19 08:20:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/21 22:11:12 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/05/11 21:52:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/05/11 21:52:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/05/11 21:52:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/01 09:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 09:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 09:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe ()
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [4ECYTQ9SIC] C:\Users\Carol\AppData\Local\Temp\Gmd.exe (Simon Tatham)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RGSC] File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Wedding Sunflowers.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Wedding Sunflowers.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/24 03:26:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 22:25:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Carol\Desktop\OTL (1).exe
[2011/06/06 19:50:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/06 19:01:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/06 18:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Companion
[2011/06/06 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011/06/06 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\TuneUpMedia
[2011/06/06 18:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2011/06/06 18:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/06/06 18:23:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/06 18:20:57 | 000,162,816 | ---- | C] (Simon Tatham) -- C:\Windows\Gpykia.exe
[2011/06/06 18:15:48 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\party
[2011/06/06 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/05/29 16:02:58 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\OneNote Notebooks
[2011/05/29 16:01:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/05/29 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/05/29 15:42:12 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\Microsoft
[2011/05/29 13:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/05/29 13:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/05/29 13:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/05/29 13:35:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/05/29 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/05/29 13:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/05/29 13:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/05/29 13:29:24 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\Microsoft Help
[2011/05/29 13:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/29 13:27:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/05/14 20:08:55 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSEH.sys
[2011/05/14 20:08:08 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2011/05/14 20:08:02 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2011/05/14 20:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2011/05/14 20:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2011/05/14 20:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media Security
[2011/05/13 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Carol\Paranormal.Activity.2.2010.UNRATED.DVDRip.XviD-Larceny
[2011/05/13 20:52:22 | 000,000,000 | ---D | C] -- C:\Users\Carol\Paranormal Activity 1-2
[2011/05/11 21:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/11 21:57:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/05/11 21:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/11 21:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/11 21:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/11 21:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/11 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 22:34:54 | 000,453,632 | ---- | M] () -- C:\Users\Carol\Desktop\CKScanner.exe
[2011/06/06 22:24:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Carol\Desktop\OTL (1).exe
[2011/06/06 21:46:32 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 21:46:32 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 21:00:01 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/06 20:47:01 | 000,000,238 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/06 20:41:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 20:41:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000UA.job
[2011/06/06 20:13:02 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/06/06 19:50:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/06 19:46:31 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 19:46:26 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\KJFTFQR.job
[2011/06/06 19:46:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 18:33:19 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/06/06 18:21:14 | 000,075,776 | RHS- | M] () -- C:\Windows\System32\mciseqp.dll
[2011/06/06 18:20:23 | 000,162,816 | ---- | M] (Simon Tatham) -- C:\Windows\Gpykia.exe
[2011/06/06 17:32:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/06/06 17:23:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/06/06 14:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000Core.job
[2011/06/06 13:47:07 | 000,002,044 | ---- | M] () -- C:\Users\Carol\Desktop\Google Chrome.lnk
[2011/06/06 13:47:07 | 000,002,006 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/05 23:51:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/06/05 23:26:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/05/30 11:39:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/05/30 11:39:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/05/30 11:17:45 | 000,454,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 16:03:05 | 000,001,059 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/05/29 16:01:27 | 000,000,898 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/05/29 13:37:42 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
[2011/05/29 13:37:42 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 18:15:10 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/05/28 18:15:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/05/27 14:10:30 | 000,005,334 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\wklnhst.dat
[2011/05/27 12:06:56 | 000,001,356 | ---- | M] () -- C:\Users\Carol\AppData\Local\d3d9caps.dat
[2011/05/27 00:46:00 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2011/05/16 14:29:24 | 216,801,477 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/15 12:13:44 | 007,109,396 | ---- | M] () -- C:\Users\Carol\Desktop\Take That-Love Love.mp3
[2011/05/15 10:35:21 | 010,016,866 | ---- | M] () -- C:\Users\Carol\Desktop\Lady Gaga-Judas.mp3
[2011/05/14 20:08:02 | 000,053,192 | ---- | M] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2011/05/14 20:06:59 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk
[2011/05/14 13:50:16 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCarol.job
[2011/05/11 21:57:25 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/11 21:52:37 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/06 22:35:01 | 000,453,632 | ---- | C] () -- C:\Users\Carol\Desktop\CKScanner.exe
[2011/06/06 18:33:19 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | C] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/06/06 18:21:20 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\KJFTFQR.job
[2011/06/06 18:21:14 | 000,075,776 | RHS- | C] () -- C:\Windows\System32\mciseqp.dll
[2011/06/06 18:21:00 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/06/06 18:20:32 | 000,000,238 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/06 18:20:27 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/05/29 16:03:05 | 000,001,059 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/05/29 16:01:27 | 000,000,898 | ---- | C] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/05/29 13:39:32 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011/05/29 13:39:32 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/05/14 20:06:59 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk
[2011/05/14 19:28:21 | 010,016,866 | ---- | C] () -- C:\Users\Carol\Desktop\Lady Gaga-Judas.mp3
[2011/05/11 21:57:25 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/11 21:52:37 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/11 21:46:27 | 007,109,396 | ---- | C] () -- C:\Users\Carol\Desktop\Take That-Love Love.mp3
[2011/02/21 15:35:36 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/18 21:48:53 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010/10/31 17:14:21 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySAVI2WMV.dat
[2010/05/29 16:49:03 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/04/19 18:17:09 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/04 21:08:51 | 000,000,049 | -H-- | C] () -- C:\Users\Carol\AppData\Local\rec02.dat
[2010/03/20 16:41:24 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/03/20 16:16:48 | 000,201,692 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/03/10 11:37:03 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/03/07 11:40:03 | 000,005,084 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010/01/28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/24 17:34:32 | 099,969,166 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\Zuma's Revenge!.exe
[2009/11/06 19:05:51 | 000,148,840 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/11/06 19:05:25 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/11/04 18:24:53 | 000,029,696 | ---- | C] () -- C:\Windows\System32\pthread.dll
[2009/10/23 15:42:53 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2009/09/27 13:29:04 | 115,107,360 | ---- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/08/26 13:52:29 | 000,032,256 | -H-- | C] () -- C:\Users\Carol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 00:19:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/19 00:19:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/10 21:31:48 | 000,005,334 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 11:11:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/29 00:48:59 | 000,001,356 | ---- | C] () -- C:\Users\Carol\AppData\Local\d3d9caps.dat
[2009/06/11 04:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/05/30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/10/24 03:41:26 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/10/24 03:27:13 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/10/24 03:02:15 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/10/24 03:02:15 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,454,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/03/17 10:29:38 | 000,618,496 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll

========== LOP Check ==========

[2010/11/13 21:01:33 | 000,000,000 | -HSD | M] -- C:\Users\Carol\AppData\Roaming\.#
[2011/04/22 14:57:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\.minecraft
[2009/08/16 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\7Wonders
[2010/12/13 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Amazon
[2010/04/17 17:48:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Arkadium
[2011/03/25 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Atari
[2011/06/06 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Azureus
[2011/06/06 19:42:32 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\BitTorrent
[2011/06/06 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/11/17 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\CupcakeCafe
[2011/02/27 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\DAEMON Tools Pro
[2011/01/30 12:10:56 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\dream-avi-to-wmv
[2010/12/22 21:04:59 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\FreeBurner
[2010/09/26 13:53:11 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\FreezeTag
[2011/02/11 22:32:43 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\funkitron
[2010/10/03 20:21:49 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\GetRightToGo
[2010/06/02 12:39:42 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\IcoFX
[2009/11/06 19:26:53 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Image Zone Express
[2009/11/14 16:41:46 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\iWin
[2009/08/11 00:47:00 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Magic Academy
[2010/03/07 11:33:49 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\NCH Swift Sound
[2011/04/05 09:40:44 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\PhotoSync
[2011/01/29 01:59:21 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\PlayFirst
[2009/11/06 19:26:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Printer Info Cache
[2011/02/21 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ProtectDISC
[2010/04/18 12:41:59 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Radialpoint
[2010/01/20 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\SecondLife
[2011/01/31 21:05:36 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\SulusGames
[2010/10/30 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Super-Cow
[2011/02/22 18:14:08 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\SystemRequirementsLab
[2009/08/10 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Template
[2011/01/31 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\TripleHippo
[2011/06/06 18:32:10 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\TuneUpMedia
[2010/12/22 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ValuSoft
[2010/01/10 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ViquaSoft
[2011/05/14 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Virgin Media
[2010/03/06 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\VistaCodecs
[2009/11/18 22:26:25 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Wildgames_JanesRealty
[2009/07/30 01:29:14 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\WinBatch
[2010/05/31 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\World-Loom
[2009/11/08 14:24:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\YoudaGames
[2011/05/30 11:39:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/05 23:51:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/06/06 17:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/05/28 18:15:09 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/06/06 17:32:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/05/30 11:39:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/06/05 23:26:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/05/28 18:15:10 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/06/06 19:46:26 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\KJFTFQR.job
[2011/06/06 19:43:43 | 000,032,556 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2011/06/06 20:47:01 | 000,000,238 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/06/06 21:00:01 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/06/06 20:13:02 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/09/27 13:27:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/09/27 13:27:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5095D8B1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABD3B354
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6B86037F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A6881EE7
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:ADF211B1

< End of report >

Extras...

OTL Extras logfile created on: 06/06/2011 22:26:33 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Carol\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 33.44% Memory free
3.98 Gb Paging File | 1.83 Gb Available in Paging File | 45.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.40 Gb Total Space | 22.11 Gb Free Space | 10.03% Space Free | Partition Type: NTFS
Drive D: | 12.48 Gb Total Space | 1.67 Gb Free Space | 13.36% Space Free | Partition Type: NTFS

Computer Name: PUTER2 | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE55879-71B6-46D3-90F6-A395A840BA95}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E2BC1B3-AB13-4B27-8115-CF9F791E9484}" = rport=139 | protocol=6 | dir=out | app=system |
"{129B21C3-FDF7-4258-9207-0D7471CE2309}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{134DBDB6-A4A0-4402-B3FC-E3D564DF8A86}" = rport=138 | protocol=17 | dir=out | app=system |
"{146EA1C9-997B-495A-8D9E-96265A59338C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EE2D4C3-7129-44FF-A120-722DD2C27DE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22277EF0-BB3C-4A8E-92ED-7C0270863421}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2256704B-F5DE-4BC9-8CB6-7A30417E8F8A}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface |
"{28B4354E-4DDE-42B7-B037-CE2C6EB9A40F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2B283DD4-D1F1-410B-A186-F9E6A06C5A7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C4F4028-FBF4-45AE-94EB-E0E1AF63EDB4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{3A7D4705-D81C-478F-AD93-DC9456CC69D4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3B4316AD-B71F-4CF1-B30F-24674666916F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{3C161637-BF48-4522-A8C9-C51DDBE2B649}" = rport=10244 | protocol=6 | dir=out | app=system |
"{3F5460A8-3063-478B-8071-65ED9A5B4FC5}" = lport=445 | protocol=6 | dir=in | app=system |
"{4CBE5E8D-097E-4455-9901-1E2FD0FCB830}" = rport=137 | protocol=17 | dir=out | app=system |
"{53F2909E-9C35-481E-896B-FF48688C6B08}" = lport=10244 | protocol=6 | dir=in | app=system |
"{5681B25A-01A6-4678-A653-0609FEB9C8E4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{65349D49-B6E4-4338-8F14-9F3EC2A20BD3}" = lport=3390 | protocol=6 | dir=in | app=system |
"{687BFC5B-9C86-473C-9B4C-FE4C64145B27}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{68E91D62-5AA8-469F-822A-4918907D6AA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{6A328E30-3C31-4EFC-8EB8-79C1FF000A08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{78E3F51A-EBE6-4EA8-A700-918E4EF8DD69}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7CA921C5-9634-4FB0-9AF3-8D1E3B850579}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7FD8D3B6-D563-43BC-9507-EA53B1F71C86}" = lport=138 | protocol=17 | dir=in | app=system |
"{8525A97B-167E-4634-83A0-C8FA49D9ADCE}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{8E4DA280-8E0A-4DDD-ADA8-E99525692F76}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A509BE49-17B0-4136-8D9A-DC894C45441C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A5A51092-1C10-4CA1-B4B7-E8B9DACE5303}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AE252249-BF7D-476A-A98C-04C12003B158}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AEDB0F23-5571-4729-8E55-068FAA3F5851}" = lport=137 | protocol=17 | dir=in | app=system |
"{C4118ED7-11EF-44AD-ABA6-F33F4B8309D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CD869288-B8DD-4F38-B189-B9FB9B8FC62A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE66F5E4-BD94-4D8A-97BB-52F0678D218B}" = lport=139 | protocol=6 | dir=in | app=system |
"{D026AA74-208E-4085-9A8F-C3F7C1369D92}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCF8A8DA-F41A-4676-8C2B-0F6B040284CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE83B104-B607-4858-A155-EE22483E0325}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{ECAFED1F-92D0-4124-AEEF-D0762473464D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F773968C-1FA1-4842-B411-3321B8C0D8DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB94FCB5-804A-44B7-89B7-F136170E5CD7}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A773E45-4A73-4074-B34E-2448915E331D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{0C89CD2A-4F90-4672-8A1B-C04644AE4638}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{0E41641F-0C5F-451F-B1DD-29AE6C49C48F}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{18010847-7A85-4FAC-9F96-982B9C57996F}" = protocol=58 | dir=out | [email protected],-28546 |
"{1DE389F0-ABD1-4C6A-BB7F-B0AB837EE439}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{2199EE13-4A86-4125-94F5-7FFBC33F30E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{252FF94C-F5CA-4C7C-9F6A-9BA46C576BCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{26E119F0-1AEA-410E-AE5F-6C5ACD827CFC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2BAD669C-93ED-47B6-B28A-DE24307EA5BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{311A957C-AA85-4D29-9A7F-3B6CA291B65C}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{32A8C9BB-DFBB-49A8-A30C-C16B657EF691}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{36E7C570-D354-4FB9-9158-0A3064514FE3}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{3B47072C-FCC3-49CF-8F8F-BD3D2827A1D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{405B7DD4-A9BB-4087-B0CA-31146D7A5244}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{4265D8AD-E823-42C5-ADFE-E5716EA5AA51}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{464738E7-CD9E-4EE3-928A-D80BE73B97B2}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{48D4CE5D-D10F-4C65-84CE-BF19626B1C39}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{4FAEC9E2-47D7-4C81-8A94-68093533C7D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{5546A050-172D-4B63-A4BC-E2DE40EBA59C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{56110AB8-D2D5-4D8C-85B3-AB4A08A6DFA1}" = dir=in | app=e:\setup\hpznui01.exe |
"{5749B140-977E-4A99-9354-00ABD6CEDB28}" = protocol=1 | dir=in | [email protected],-28543 |
"{59B3D339-19FA-4120-8A47-632018472C7B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{61F00CCF-B1DA-42FF-A547-C3145EBC50F9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{62C35241-D668-457B-BEE3-8573A2DE989F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{6DB0ABF4-B644-4DC5-820B-0429AF77742F}" = protocol=58 | dir=in | [email protected],-28545 |
"{71515F57-0A2C-45AB-BCE2-51C66E16EBB3}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{71949204-F668-4AB2-9FBA-F0705EED4E67}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{71F3B668-E1F9-422C-9996-EC6CBB7F6AAC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{7390053E-4B67-4816-8647-39DBBAC4785F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{7F39C6B2-93A6-400E-A862-B9F93674FCAC}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{852568F9-49C7-489C-9283-D63AB5DF4728}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{85CBE8FD-90DD-4C3B-98BD-327155D176CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{8E68D223-F0E7-46FB-A120-DECABF1812AE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9114AD8F-2176-41DB-9188-5780CC2450E5}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
"{913F021B-2C43-4885-8A2E-9431C6199B08}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9C945AFA-A16B-4D04-96C0-88DC28156D95}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{9D180108-9389-4543-AD8A-D991D2C8E6EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{9F9A4F5B-FE4B-436D-813F-3EEDD87BEB5A}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{A04542D0-A267-4823-BE12-5F3712FA7B64}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A98EA45C-60A5-42DA-BEA8-20646ACB4877}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{AA34EED3-524A-46EA-B0E3-E642BFA9DD2A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AA67FF6C-05DC-4BC1-B378-F3675ED5185B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{AC98752E-576E-424F-B19B-CF8E1B6E2EF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{ADB533BF-BC44-43EC-9562-D27EAF3E6B19}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{B1FEBE66-FD3D-4D5C-8C5A-6B16D68781CE}" = protocol=1 | dir=out | [email protected],-28544 |
"{B2FBC752-AAA9-475C-84F8-0168CEE89C37}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B6DA9E82-12D3-49EA-829D-8A3E8D5DED1B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BFF5A511-35CC-4718-9D40-23F1D587E052}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CB4A1FE7-4D05-4567-A081-C249511F0479}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CF44B690-6540-4020-A509-8B46900E2E26}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{CF900D40-F703-4D4A-8E98-6258105C924C}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{D5353CF3-CCCA-4E50-A2FB-3ACF305BC7C3}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{D8AD9EC4-D42A-4096-853E-A9F7745D3EB7}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe |
"{D940F283-BE23-4276-82BA-D5B9C3BE22BD}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E2BEFA16-CA56-423A-BD71-884B1EE0408F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E4ACD2B4-987A-4766-90F4-C43FD194E104}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E7547AEF-B0EE-4D55-87C5-E7A7A7066E4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{EE8D7613-D906-4CB1-A242-7B6EF251F7A2}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{F216BF06-E7B2-470B-8B68-A3764039C243}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{F290678B-FED7-4415-8125-EC267371579B}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{F55E83AD-AD19-4A18-B76F-A72E12A4D420}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{FA66E459-F309-4630-BCAD-A5013401F199}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{FE20E896-31B5-4416-B1C4-2BFAFEE133EF}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AD839E7-BFA7-4796-B2CA-B1D824ECCDF7}" = Virgin Media Security
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{714048C6-7703-4059-A8EC-17B31AAB73A2}" = RPS RpsCore
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7673108D-9DED-4454-9712-FB2771D94446}" = RPS PerfectDiskStub
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119579387}" = Bejeweled 3
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A4085D4F-712A-4476-A300-D80553446765}" = Greeting Card Factory Deluxe
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}" = The Sims Complete Collection
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"7-Zip" = 7-Zip 9.14 beta
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Bejeweled 31.0" = Bejeweled 3
"CdCoverCreator" = CdCoverCreator 2.5.2
"Diner Dash 2" = Diner Dash 2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"Emergency 2012" = Emergency 2012
"ExtractNow_is1" = ExtractNow
"Fire Department 3" = Fire Department 3
"Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 6.0.1
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = HP OCR Software 8.0
"IcoFX_is1" = IcoFX 1.6.4
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Jewel Quest II" = Jewel Quest II (remove only)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mahjongg Dimensions Deluxe 1.00" = Mahjongg Dimensions Deluxe 1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PowerISO" = PowerISO
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47
"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.19
"TuneUpMedia" = TuneUp Companion 2.0.9
"Wedding Dash 2 - Rings Around the World1.0" = Wedding Dash 2 - Rings Around the World
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR 4.00 beta 7 (32-bit)
"WT088983" = Real Detectives - Murder in Miami
"WTA-0004007b-c943-4699-83b0-ad373acf25ee" = John Deere Drive Green
"WTA-091dbc56-f7ba-4cb1-bab6-46e75abbce4e" = Secret of the Magic Crystals
"WTA-0a3bf92d-93da-4512-8503-ac9fb15fc31b" = Paradise Pet Salon
"WTA-0e007445-141a-43ad-9b8d-90c1bda986c2" = Barnyard Invasion
"WTA-134e50f2-58e3-45f9-90fc-cfd7fc743339" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-13e834cd-6303-4dba-ab60-934e80b91f24" = Bejeweled Twist
"WTA-265287bc-f7d4-4573-a09f-f750b2c4c2f7" = Astroslugs
"WTA-28db7e2b-d3c0-41f7-8309-5d7feba92a14" = Letters from Nowhere
"WTA-2aa56cd9-dccf-4ca4-ac81-8516566abebb" = Frogs vs. Storks
"WTA-31543c80-6934-4ad5-a42b-f7dde95ae114" = Airport Mania 2: Wild Trips
"WTA-344189f1-4195-427f-989c-967e637f6e2c" = A Magnetic Adventure
"WTA-366acaa2-eeb2-4808-b076-21766806c433" = The Tarot's Misfortune
"WTA-572dbbb7-f605-4382-90b1-65f161f5adef" = FunPark Beach Blast
"WTA-695142ff-3957-4313-9dce-78423d5b4cc1" = Farmers Market
"WTA-6df2bb54-db38-4709-8d76-5f4b3ae71546" = 3 Days: Amulet Secret
"WTA-751000a4-e97e-4ee5-bbc5-73323d65a759" = iCarly iSock it to 'Em
"WTA-798c9d98-e870-4ef9-924b-e56a0ac632a5" = Chainz Galaxy
"WTA-7f828700-11d6-4aa9-9abf-c82e8606905a" = Jane's Hotel
"WTA-8186c45f-0ccc-4203-8048-423d5ecdafb8" = Super Granny 6
"WTA-9b9a9bcc-b208-4879-a212-d4bdc2b2f204" = Vesuvia
"WTA-a115d183-05b8-4d49-9eac-0fa4c60a07f1" = Tulula: Legend of a Volcano
"WTA-b24027d6-b4db-422e-bf20-e113bb293f46" = Supercow
"WTA-bc0d9816-ef00-4057-ab3f-72dfe2b05ec9" = Knightfall: Death and Taxes
"WTA-c1a6ad5c-0ae2-4303-aaed-244644ad4adb" = Summer Tri-Peaks Solitaire
"WTA-c66ed5af-5173-47b7-a99c-b72a3c914939" = Diaper Dash
"WTA-cb3dd364-0697-46fd-b11a-cacc35884cbd" = Soap Opera Dash
"WTA-ce9364f7-a111-4a96-8c61-31ef5c4d0904" = Gems Quest
"WTA-dae4ce74-e850-48f7-ba93-e81852a9f603" = Bejeweled 3
"WTA-e17b001d-2183-4fb2-9542-ae659135bffc" = Doggie Dash
"WTA-eb310a7e-7ef2-4905-8fe1-74ac03658190" = Astro Avenger
"WTA-f4cef322-1839-4cf5-9172-3fd4812e87d4" = WWII Tank Commander
"Yenka" = Yenka
"Zuma's Revenge!" = Zuma's Revenge!
"Zuma's Revenge!1.0" = Zuma's Revenge!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/10/2010 13:02:02 | Computer Name = Puter2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07/10/2010 13:02:02 | Computer Name = Puter2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2169

Error - 07/10/2010 13:02:02 | Computer Name = Puter2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2169

Error - 07/10/2010 13:02:03 | Computer Name = Puter2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07/10/2010 13:02:03 | Computer Name = Puter2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198

Error - 07/10/2010 13:02:03 | Computer Name = Puter2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198

Error - 07/10/2010 13:02:04 | Computer Name = Puter2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 07/10/2010 13:02:04 | Computer Name = Puter2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4228

Error - 07/10/2010 13:02:04 | Computer Name = Puter2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4228

Error - 08/10/2010 08:50:28 | Computer Name = Puter2 | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 12/01/2010 06:11:42 | Computer Name = Puter2 | Source = Mcx2Dvcs | ID = 401
Description =

Error - 12/01/2010 12:53:53 | Computer Name = Puter2 | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 06/06/2011 08:28:14 | Computer Name = Puter2 | Source = Service Control Manager | ID = 7026
Description =

Error - 06/06/2011 08:34:45 | Computer Name = Puter2 | Source = Service Control Manager | ID = 7022
Description =

Error - 06/06/2011 13:18:43 | Computer Name = Puter2 | Source = bowser | ID = 8003
Description =

Error - 06/06/2011 13:20:23 | Computer Name = Puter2 | Source = Service Control Manager | ID = 7034
Description =

Error - 06/06/2011 14:41:47 | Computer Name = Puter2 | Source = DCOM | ID = 10010
Description =

Error - 06/06/2011 14:42:27 | Computer Name = Puter2 | Source = DCOM | ID = 10010
Description =

Error - 06/06/2011 14:46:27 | Computer Name = Puter2 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 00225F3B4D8B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 06/06/2011 14:47:55 | Computer Name = Puter2 | Source = Service Control Manager | ID = 7000
Description =

Error - 06/06/2011 14:47:55 | Computer Name = Puter2 | Source = Service Control Manager | ID = 7026
Description =

Error - 06/06/2011 14:53:25 | Computer Name = Puter2 | Source = Service Control Manager | ID = 7022
Description =


< End of report >
 

I'm logging off now but I'll have a look at the OTL log tomorrow. In the meantime, can you post the MBAM log for me please? As for CKScanner, run it but don't click on it until it has finished. It is prone to freezing because it doesn't have any background handlers; run it and be patient :)

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Also, where did you get your copy of Windows and Microsoft Office from?

Tom
 

The CKScanner is still stuck on (not responding) and I'll post the results from the MBAM as soon as it's finished :)
Windows came already installed with the PC (which we've had for a few years, think we're deffo ready for a new one!) and I think a friend put Microsoft Office on, or my little brother might have put it on, I'm not sure (don't use it anyway). He's always messing about with stuff on it! :(
Is the Internet search something to do with a virus? Loads of times tonight I've clicked onto something and it's redirected me to loads of different pages :\

Malwarebytes has now been scanning for 12 hours, should it be taking this long or is something wrong? :\
 
Okay, well if it still isn't responding after an hour or so just close it. The time that a MBAM scan takes depends on the number of files that you have on your computer, just post the results upon completion. It looks as if whoever put it on has put an illegal copy of it on and it's been activated using a KMS activator.

Can you run a scan with HijackThis for me please?

Your brother needs to stay away from file sharing websites, such as The Pirate Bay (where he downloaded Paranormal Activity 2 from), because these downloads are usually laced with viruses and the like - and problems like the ones you've got now arise. If you're happy with it, after we've removed these viruses, we can prevent him from accessing such torrent sites?

Tom
 

I started scanning using HijackThis, but it froze (the PC is running really slow with the other scan still running). I ended up closing HijackThis to try again but now it just says 'HijackThis is already running'. I'll have to wait til the MBAM scan has finished to restart the PC and try again.
The MBAM scan is still running after 20 hours, the computer is VERY full though, there's only 21.6GB left out of 220GB, hopefully I'll have the results to post back soon.
 

Okay, just post back when MBAM finishes

Tom
 

MBAM Results

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6788

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

07/06/2011 17:19:24
mbam-log-2011-06-07 (17-19-11).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 740570
Time elapsed: 21 hour(s), 4 minute(s), 8 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
c:\Users\Carol\AppData\Local\Temp\Gmm.exe (Trojan.Downloader) -> 1532 -> No action taken.
c:\WINDOWS\Gpykia.exe (Trojan.Downloader) -> 1496 -> No action taken.
c:\Users\Carol\AppData\Local\Temp\Gmd.exe (Trojan.Downloader) -> 2056 -> No action taken.
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> 3096 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ECYTQ9SIC (Trojan.Downloader) -> Value: 4ECYTQ9SIC -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Carol\AppData\Local\Temp\Gmm.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Gpykia.exe (Trojan.Downloader) -> No action taken.
c:\Users\Carol\AppData\Local\Temp\Gmd.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\Carol\Desktop\microsoft\stuff\mini-kms_activator_v1.053.exe (PUP.Hacktool.Office) -> No action taken.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.

Do I need to select all the infections and remove them? One of them isn't ticked as shown in the pic below..
 

Attachment: malwarebytes pic.jpg

That's good, in your OTL log I saw these two files:

c:\Users\Carol\AppData\Local\Temp\Gmm.exe
c:\Users\Carol\AppData\Local\Temp\Gmd.exe

And they were the only thing that I could see that was suspicious, I tried researching them but nothing came up. I'm glad that's been cleared up :)

Yes delete the lot, reboot then run another full MBAM scan. I know this is going to take ages, but we can't take any risks when malware is at stake. Also, can you run OTL again for me please?

Tom
 

Ok, I clicked to delete the lot and it popped up saying 'Certain items could not be removed A log file has been saved to the logs folder' this is shown below.. (I then rebooted computer)


Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6788

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

07/06/2011 17:37:12
mbam-log-2011-06-07 (17-37-12).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 740570
Time elapsed: 21 hour(s), 4 minute(s), 8 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
c:\Users\Carol\AppData\Local\Temp\Gmm.exe (Trojan.Downloader) -> 1532 -> Unloaded process successfully.
c:\WINDOWS\Gpykia.exe (Trojan.Downloader) -> 1496 -> Unloaded process successfully.
c:\Users\Carol\AppData\Local\Temp\Gmd.exe (Trojan.Downloader) -> 2056 -> Unloaded process successfully.
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> 3096 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ECYTQ9SIC (Trojan.Downloader) -> Value: 4ECYTQ9SIC -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Carol\AppData\Local\Temp\Gmm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Gpykia.exe (Trojan.Downloader) -> Delete on reboot.
c:\Users\Carol\AppData\Local\Temp\Gmd.exe (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\Users\Carol\Desktop\microsoft\stuff\mini-kms_activator_v1.053.exe (PUP.Hacktool.Office) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Delete on reboot.

I'll now try the HijackThis scan again and do another MBAM and OTL scan :)
 

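An added example (not part of the original thread, and not Malwarebytes' own tooling): a parser for the log layout in the post above that lists every item whose removal is still outstanding, such as the `Delete on reboot` entries, and flags detections that are autostart points (a `Run` value or a `.job` task) so the follow-up scan can be checked against them. The function names and the `DONE` action set are assumptions based only on the action strings visible in the two logs posted here.

```python
import re

# Excerpt (a subset of lines) of the second Malwarebytes log in the post above.
SAMPLE_LOG = r"""
Memory Processes Infected:
c:\Users\Carol\AppData\Local\Temp\Gmm.exe (Trojan.Downloader) -> 1532 -> Unloaded process successfully.
c:\WINDOWS\Gpykia.exe (Trojan.Downloader) -> 1496 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ECYTQ9SIC (Trojan.Downloader) -> Value: 4ECYTQ9SIC -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Carol\AppData\Local\Temp\Gmm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Gpykia.exe (Trojan.Downloader) -> Delete on reboot.
c:\Users\Carol\AppData\Local\Temp\Gmd.exe (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Delete on reboot.
"""

# A section starts with a bare "<Something> Infected:" line; the summary
# lines ("Files Infected: 8") carry a number after the colon and do not match.
SECTION_RE = re.compile(r"^(?P<name>.+ Infected):$")
# First field of an entry: "<path or registry key> (<detection name>)".
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\)$")

# Action strings that mean nothing is left to do. Assumption: taken only
# from the two logs in this thread, not from a documented list.
DONE = {"Quarantined and deleted successfully", "Unloaded process successfully"}

# Detections that are themselves a way of relaunching code at logon or on a timer.
AUTOSTART_RULES = [
    ("Run key value", re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Scheduled task", re.compile(r"\\Windows\\Tasks\\.+\.job$", re.I)),
]


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section is None or " -> " not in line:
            continue  # preamble, summary counts, "(No malicious items detected)"
        parts = line.split(" -> ")
        item = ITEM_RE.match(parts[0])
        if not item:
            continue
        entries.append({
            "section": section,
            "item": item.group("item"),
            "detection": item.group("detection"),
            # Optional middle field: a PID or "Value: <name>".
            "detail": " -> ".join(parts[1:-1]) or None,
            "action": parts[-1].rstrip("."),
        })
    return entries


def followup(entries):
    """Group items whose action is not a completed removal, keyed by action."""
    todo = {}
    for e in entries:
        if e["action"] not in DONE:
            todo.setdefault(e["action"], set()).add(e["item"])
    return todo


def autostart_entries(entries):
    """Return (mechanism, item, action) for detections that are autostart points."""
    found = []
    for e in entries:
        for label, rx in AUTOSTART_RULES:
            if rx.search(e["item"]):
                found.append((label, e["item"], e["action"]))
    return found


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for action, items in followup(parsed).items():
        print(f"{action}:")
        for path in sorted(items):
            print("   ", path)
    for label, path, action in autostart_entries(parsed):
        print(f"[{label}] {path} -> {action}")
```

Run against the first log in the thread, `followup` returns every item under `No action taken`; any path it lists that shows up again in the scan after the reboot was not removed.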
The HijackThis scan popped up with a window as shown below, but there's no option to click 'run as administrator' ...also, with the OTL scan, do I need to select the same options on it as you instructed earlier?

....the HijackThis scan continued (without running as administrator) the saved log from this is below..


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:10:18, on 07/06/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Virgin Media\Security\rps.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Users\Carol\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\hp\kbd\kbd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\rundll32.exe
C:\Users\Carol\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?pc=BBSR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=84&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
O4 - HKLM\..\Run: [DHSClient.exe] "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VideoCam Suite.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\System32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HsdService - Virgin Media - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Users\Carol\AppData\Local\Temp\{A831D711-88DF-47AF-9C8A-101D37FC879E}\NMSAccessU.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Virgin Media Security (Radialpoint Security Services) - Virgin Media - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: Virgin Media Security Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Media\Security\Fws.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11362 bytes
 

Attachment: hijackthis pic.jpg

Close HijackThis, right click on the icon for the program and select run as administrator. Yes please :)

Tom
 

OTL scan results...

OTL logfile created on: 07/06/2011 18:20:20 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Carol\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 23.93% Memory free
3.98 Gb Paging File | 2.50 Gb Available in Paging File | 62.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.40 Gb Total Space | 21.77 Gb Free Space | 9.88% Space Free | Partition Type: NTFS
Drive D: | 12.48 Gb Total Space | 1.67 Gb Free Space | 13.36% Space Free | Partition Type: NTFS

Computer Name: PUTER2 | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Carol\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\Carol\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Virgin Media\Security\RPS.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Security\Fws.exe (Virgin Media)
PRC - C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Carol\Desktop\OTL (1).exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMSAccessU) -- File not found
SRV - (IDriverT) -- File not found
SRV - (KMService) -- C:\WINDOWS\System32\srvany.exe ()
SRV - (scan) -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll (S.C. BitDefender S.R.L)
SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Radialpoint Security Services) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
SRV - (RP_FWS) -- C:\Program Files\Virgin Media\Security\Fws.exe (Virgin Media)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (RadialpointIDSAgent) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
SRV - (ezSharedSvc) -- C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\System32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (acedrv11) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys (BitDefender S.R.L.)
DRV - (RadialpointIDSDriver) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )
DRV - (RadialpointIDSFilter) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )
DRV - (RadialpointIDSShim) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )
DRV - (RadialpointIDSEH) -- C:\Windows\system32\drivers\AVGIDSEH.sys (AVG Technologies )
DRV - (bdfsfltr) -- C:\Windows\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (mcdbus) -- C:\WINDOWS\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (AFGSp50) -- C:\WINDOWS\System32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/30 01:35:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/19 18:17:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 08:21:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 21:52:59 | 000,000,000 | ---D | M]

[2010/08/10 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions
[2010/08/10 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/20 17:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/03/21 15:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Firefox\Profiles\zknkrr93.default\extensions
[2010/08/11 11:19:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carol\AppData\Roaming\mozilla\Firefox\Profiles\zknkrr93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/24 20:04:56 | 000,001,832 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\zknkrr93.default\searchplugins\bing.xml
[2011/02/24 17:50:07 | 000,002,374 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\zknkrr93.default\searchplugins\search.xml
[2011/03/24 09:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 08:21:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/15 20:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/17 11:01:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/03/30 19:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/05/14 20:29:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 09:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 14:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/11 09:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 19:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/01/23 16:52:13 | 000,000,000 | ---D | M] (Facemoods) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/05/19 08:20:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/21 22:11:12 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/05/11 21:52:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/05/11 21:52:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/05/11 21:52:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/01 09:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 09:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 09:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe ()
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RGSC] File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Wedding Sunflowers.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Wedding Sunflowers.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/24 03:26:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/07 15:40:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/07 15:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/06 22:25:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Carol\Desktop\OTL (1).exe
[2011/06/06 20:04:56 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/06/06 20:04:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/06 20:04:55 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/06 20:04:54 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/06 20:04:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/06/06 20:04:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/06/06 20:04:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/06/06 20:04:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/06 20:04:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/06 20:04:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/06/06 20:04:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/06/06 20:04:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/06 20:04:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/06 20:04:50 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/06 20:04:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/06/06 20:04:50 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/06 20:04:50 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/06 20:04:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/06 20:04:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/06 20:04:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/06/06 20:04:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/06/06 20:04:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/06/06 20:04:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/06 20:04:47 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/06 20:04:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/06 20:04:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/06 20:04:45 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/06 20:04:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/06/06 20:04:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/06 20:04:45 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/06/06 20:04:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/06/06 20:04:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/06 20:04:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/06 20:04:44 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/06/06 20:04:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/06 20:04:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/06/06 20:04:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/06 20:04:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/06 20:04:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/06/06 19:50:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/06 19:01:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/06 18:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Companion
[2011/06/06 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011/06/06 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\TuneUpMedia
[2011/06/06 18:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2011/06/06 18:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/06/06 18:15:48 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\party
[2011/06/06 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/05/29 16:02:58 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\OneNote Notebooks
[2011/05/29 16:01:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/05/29 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/05/29 15:42:12 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\Microsoft
[2011/05/29 13:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/05/29 13:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/05/29 13:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/05/29 13:35:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/05/29 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/05/29 13:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/05/29 13:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/05/29 13:29:24 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\Microsoft Help
[2011/05/29 13:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/29 13:27:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/05/14 20:08:55 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSEH.sys
[2011/05/14 20:08:08 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2011/05/14 20:08:02 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2011/05/14 20:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2011/05/14 20:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2011/05/14 20:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media Security
[2011/05/13 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Carol\Paranormal.Activity.2.2010.UNRATED.DVDRip.XviD-Larceny
[2011/05/13 20:52:22 | 000,000,000 | ---D | C] -- C:\Users\Carol\Paranormal Activity 1-2
[2011/05/11 21:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/11 21:57:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/05/11 21:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/11 21:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/11 21:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/11 21:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/11 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/07 17:58:12 | 000,002,483 | ---- | M] () -- C:\Users\Carol\Desktop\HiJackThis.lnk
[2011/06/07 17:47:34 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 17:44:43 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\KJFTFQR.job
[2011/06/07 17:44:42 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 17:44:42 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 17:44:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 22:24:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Carol\Desktop\OTL (1).exe
[2011/06/06 20:41:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 20:41:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000UA.job
[2011/06/06 20:04:56 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/06/06 20:04:56 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/06 20:04:55 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/06 20:04:54 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/06 20:04:54 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/06 20:04:54 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/06/06 20:04:54 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/06/06 20:04:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/06/06 20:04:51 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/06 20:04:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/06 20:04:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/06/06 20:04:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/06/06 20:04:50 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/06 20:04:50 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/06 20:04:50 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/06/06 20:04:50 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/06 20:04:50 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/06 20:04:50 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/06 20:04:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/06 20:04:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/06 20:04:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/06/06 20:04:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/06/06 20:04:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/06/06 20:04:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/06 20:04:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/06 20:04:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/06 20:04:45 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/06 20:04:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/06/06 20:04:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/06 20:04:45 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/06/06 20:04:45 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/06/06 20:04:44 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/06 20:04:44 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/06 20:04:44 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/06/06 20:04:43 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/06 20:04:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/06/06 20:04:43 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/06 20:04:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/06 20:04:42 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/06/06 19:50:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/06 18:33:19 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/06/06 18:21:14 | 000,075,776 | RHS- | M] () -- C:\Windows\System32\mciseqp.dll
[2011/06/06 17:32:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/06/06 17:23:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/06/06 14:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000Core.job
[2011/06/06 13:47:07 | 000,002,044 | ---- | M] () -- C:\Users\Carol\Desktop\Google Chrome.lnk
[2011/06/06 13:47:07 | 000,002,006 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/05 23:51:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/06/05 23:26:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/05/30 11:39:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/05/30 11:39:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/05/30 11:17:45 | 000,454,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 16:03:05 | 000,001,059 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/05/29 16:01:27 | 000,000,898 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/05/29 13:37:42 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 18:15:10 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/05/28 18:15:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/05/27 14:10:30 | 000,005,334 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\wklnhst.dat
[2011/05/27 12:06:56 | 000,001,356 | ---- | M] () -- C:\Users\Carol\AppData\Local\d3d9caps.dat
[2011/05/27 00:46:00 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2011/05/16 14:29:24 | 216,801,477 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/15 12:13:44 | 007,109,396 | ---- | M] () -- C:\Users\Carol\Desktop\Take That-Love Love.mp3
[2011/05/15 10:35:21 | 010,016,866 | ---- | M] () -- C:\Users\Carol\Desktop\Lady Gaga-Judas.mp3
[2011/05/14 20:08:02 | 000,053,192 | ---- | M] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2011/05/14 20:06:59 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk
[2011/05/14 13:50:16 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCarol.job
[2011/05/11 21:57:25 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/11 21:52:37 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/07 15:46:05 | 000,002,483 | ---- | C] () -- C:\Users\Carol\Desktop\HiJackThis.lnk
[2011/06/06 18:33:19 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | C] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/06/06 18:21:20 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\KJFTFQR.job
[2011/06/06 18:21:14 | 000,075,776 | RHS- | C] () -- C:\Windows\System32\mciseqp.dll
[2011/05/29 16:03:05 | 000,001,059 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/05/29 16:01:27 | 000,000,898 | ---- | C] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/05/29 13:39:32 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/05/14 20:06:59 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk
[2011/05/14 19:28:21 | 010,016,866 | ---- | C] () -- C:\Users\Carol\Desktop\Lady Gaga-Judas.mp3
[2011/05/11 21:57:25 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/11 21:52:37 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/11 21:46:27 | 007,109,396 | ---- | C] () -- C:\Users\Carol\Desktop\Take That-Love Love.mp3
[2011/02/21 15:35:36 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/18 21:48:53 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010/10/31 17:14:21 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySAVI2WMV.dat
[2010/05/29 16:49:03 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/04/19 18:17:09 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/04 21:08:51 | 000,000,049 | -H-- | C] () -- C:\Users\Carol\AppData\Local\rec02.dat
[2010/03/20 16:41:24 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/03/20 16:16:48 | 000,201,692 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/03/10 11:37:03 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/03/07 11:40:03 | 000,005,084 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010/01/28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/24 17:34:32 | 099,969,166 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\Zuma's Revenge!.exe
[2009/11/06 19:05:51 | 000,148,840 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/11/06 19:05:25 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/11/04 18:24:53 | 000,029,696 | ---- | C] () -- C:\Windows\System32\pthread.dll
[2009/10/23 15:42:53 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2009/09/27 13:29:04 | 115,107,360 | ---- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/08/26 13:52:29 | 000,032,256 | -H-- | C] () -- C:\Users\Carol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 00:19:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/19 00:19:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/10 21:31:48 | 000,005,334 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 11:11:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/29 00:48:59 | 000,001,356 | ---- | C] () -- C:\Users\Carol\AppData\Local\d3d9caps.dat
[2009/06/11 04:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/05/30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/10/24 03:41:26 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/10/24 03:27:13 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/10/24 03:02:15 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/10/24 03:02:15 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,454,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/03/17 10:29:38 | 000,618,496 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll

========== LOP Check ==========

[2010/11/13 21:01:33 | 000,000,000 | -HSD | M] -- C:\Users\Carol\AppData\Roaming\.#
[2011/04/22 14:57:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\.minecraft
[2009/08/16 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\7Wonders
[2010/12/13 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Amazon
[2010/04/17 17:48:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Arkadium
[2011/03/25 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Atari
[2011/06/06 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Azureus
[2011/06/06 19:42:32 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\BitTorrent
[2011/06/06 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/11/17 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\CupcakeCafe
[2011/02/27 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\DAEMON Tools Pro
[2011/01/30 12:10:56 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\dream-avi-to-wmv
[2010/12/22 21:04:59 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\FreeBurner
[2010/09/26 13:53:11 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\FreezeTag
[2011/02/11 22:32:43 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\funkitron
[2010/10/03 20:21:49 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\GetRightToGo
[2010/06/02 12:39:42 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\IcoFX
[2009/11/06 19:26:53 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Image Zone Express
[2009/11/14 16:41:46 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\iWin
[2009/08/11 00:47:00 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Magic Academy
[2010/03/07 11:33:49 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\NCH Swift Sound
[2011/04/05 09:40:44 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\PhotoSync
[2011/01/29 01:59:21 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\PlayFirst
[2009/11/06 19:26:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Printer Info Cache
[2011/02/21 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ProtectDISC
[2010/04/18 12:41:59 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Radialpoint
[2010/01/20 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\SecondLife
[2011/01/31 21:05:36 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\SulusGames
[2010/10/30 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Super-Cow
[2011/02/22 18:14:08 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\SystemRequirementsLab
[2009/08/10 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Template
[2011/01/31 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\TripleHippo
[2011/06/07 08:04:12 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\TuneUpMedia
[2010/12/22 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ValuSoft
[2010/01/10 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ViquaSoft
[2011/05/14 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Virgin Media
[2010/03/06 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\VistaCodecs
[2009/11/18 22:26:25 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Wildgames_JanesRealty
[2009/07/30 01:29:14 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\WinBatch
[2010/05/31 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\World-Loom
[2009/11/08 14:24:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\YoudaGames
[2011/05/30 11:39:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/05 23:51:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/06/06 17:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/05/28 18:15:09 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/06/06 17:32:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/05/30 11:39:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/06/05 23:26:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/05/28 18:15:10 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/06/07 17:44:43 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\KJFTFQR.job
[2011/06/07 17:42:28 | 000,032,556 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/09/27 13:27:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/09/27 13:27:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5095D8B1
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:ABD3B354
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6B86037F
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A6881EE7
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:ADF211B1

< End of report >
 

In the custom scans/fixes box in OTL, can you copy and paste the following:

Code:
:FILES
@C:\ProgramData\Temp:5095D8B1
@C:\ProgramData\Temp:ABD3B354
@C:\ProgramData\Temp:6B86037F
@C:\ProgramData\Temp:A6881EE7
@C:\ProgramData\Temp:ADF211B1
C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g /D

And press the Run Fix button. Then run another OTL scan for me please :)

Tom
 

OK, I've done that... here is the new OTL log (the MBAM scan will probably not finish until tomorrow):


OTL logfile created on: 07/06/2011 22:50:27 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Carol\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 43.50% Memory free
3.98 Gb Paging File | 2.12 Gb Available in Paging File | 53.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.40 Gb Total Space | 21.71 Gb Free Space | 9.85% Space Free | Partition Type: NTFS
Drive D: | 12.48 Gb Total Space | 1.67 Gb Free Space | 13.36% Space Free | Partition Type: NTFS

Computer Name: PUTER2 | User Name: Carol | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Carol\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\Carol\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Virgin Media\Security\RPS.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
PRC - C:\Program Files\Virgin Media\Security\Fws.exe (Virgin Media)
PRC - C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
PRC - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
PRC - C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Carol\Desktop\OTL (1).exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\mssprxy.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NMSAccessU) -- File not found
SRV - (IDriverT) -- File not found
SRV - (KMService) -- C:\WINDOWS\System32\srvany.exe ()
SRV - (scan) -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll (S.C. BitDefender S.R.L)
SRV - (ServicepointService) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SRV - (HsdService) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Radialpoint Security Services) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
SRV - (RP_FWS) -- C:\Program Files\Virgin Media\Security\Fws.exe (Virgin Media)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (RadialpointIDSAgent) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (AffinegyService) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe (Affinegy, Inc.)
SRV - (ezSharedSvc) -- C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\System32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (acedrv11) -- C:\WINDOWS\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys (BitDefender S.R.L.)
DRV - (RadialpointIDSDriver) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys (AVG Technologies )
DRV - (RadialpointIDSFilter) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys (AVG Technologies )
DRV - (RadialpointIDSShim) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (AVG Technologies )
DRV - (RadialpointIDSEH) -- C:\Windows\system32\drivers\AVGIDSEH.sys (AVG Technologies )
DRV - (bdfsfltr) -- C:\Windows\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (nvsmu) -- C:\WINDOWS\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (mcdbus) -- C:\WINDOWS\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (AFGSp50) -- C:\WINDOWS\System32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/30 01:35:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/19 18:17:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/19 08:21:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 21:52:59 | 000,000,000 | ---D | M]

[2010/08/10 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions
[2010/08/10 10:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/20 17:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/03/21 15:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carol\AppData\Roaming\mozilla\Firefox\Profiles\zknkrr93.default\extensions
[2010/08/11 11:19:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carol\AppData\Roaming\mozilla\Firefox\Profiles\zknkrr93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/24 20:04:56 | 000,001,832 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\zknkrr93.default\searchplugins\bing.xml
[2011/02/24 17:50:07 | 000,002,374 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\zknkrr93.default\searchplugins\search.xml
[2011/03/24 09:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 08:21:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/15 20:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/17 11:01:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/03/30 19:02:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/05/14 20:29:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 09:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 14:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/11 09:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 19:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/01/23 16:52:13 | 000,000,000 | ---D | M] (Facemoods) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/05/19 08:20:51 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/21 22:11:12 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2011/05/11 21:52:58 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2011/05/11 21:52:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2011/05/11 21:52:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2011/05/11 21:52:59 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/01/01 09:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 09:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 09:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe ()
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RGSC] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Wedding Sunflowers.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Wedding Sunflowers.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/24 03:26:18 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 22:48:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/07 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/07 15:40:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/07 15:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/06 22:25:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Carol\Desktop\OTL (1).exe
[2011/06/06 20:04:56 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/06/06 20:04:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/06 20:04:55 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/06 20:04:54 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/06 20:04:54 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/06/06 20:04:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/06/06 20:04:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/06/06 20:04:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/06 20:04:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/06 20:04:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/06/06 20:04:51 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/06/06 20:04:50 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/06 20:04:50 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/06 20:04:50 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/06 20:04:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/06/06 20:04:50 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/06 20:04:50 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/06 20:04:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/06 20:04:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/06 20:04:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/06/06 20:04:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/06/06 20:04:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/06/06 20:04:48 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/06 20:04:47 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/06 20:04:47 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/06 20:04:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/06 20:04:45 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/06 20:04:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/06/06 20:04:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/06 20:04:45 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/06/06 20:04:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/06/06 20:04:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/06 20:04:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/06 20:04:44 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/06/06 20:04:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/06 20:04:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/06/06 20:04:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/06 20:04:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/06 20:04:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/06/06 19:50:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/06 19:01:41 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/06 18:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Companion
[2011/06/06 18:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011/06/06 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\TuneUpMedia
[2011/06/06 18:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2011/06/06 18:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/06/06 18:15:48 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\party
[2011/06/06 18:09:31 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/05/29 16:02:58 | 000,000,000 | ---D | C] -- C:\Users\Carol\Documents\OneNote Notebooks
[2011/05/29 16:01:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/05/29 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/05/29 15:42:12 | 000,000,000 | ---D | C] -- C:\Users\Carol\Desktop\Microsoft
[2011/05/29 13:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/05/29 13:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/05/29 13:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/05/29 13:35:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/05/29 13:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/05/29 13:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011/05/29 13:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/05/29 13:29:24 | 000,000,000 | ---D | C] -- C:\Users\Carol\AppData\Local\Microsoft Help
[2011/05/29 13:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/29 13:27:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/05/14 20:08:55 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\Windows\System32\drivers\AVGIDSEH.sys
[2011/05/14 20:08:08 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2011/05/14 20:08:02 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2011/05/14 20:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2011/05/14 20:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2011/05/14 20:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virgin Media Security
[2011/05/13 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Carol\Paranormal.Activity.2.2010.UNRATED.DVDRip.XviD-Larceny
[2011/05/13 20:52:22 | 000,000,000 | ---D | C] -- C:\Users\Carol\Paranormal Activity 1-2
[2011/05/11 21:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/11 21:57:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/05/11 21:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/11 21:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/11 21:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/11 21:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/11 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/07 22:41:08 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000UA.job
[2011/06/07 22:41:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/07 21:44:53 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 21:44:53 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 17:58:12 | 000,002,483 | ---- | M] () -- C:\Users\Carol\Desktop\HiJackThis.lnk
[2011/06/07 17:47:34 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/07 17:44:43 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\KJFTFQR.job
[2011/06/07 17:44:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/06 22:24:45 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Carol\Desktop\OTL (1).exe
[2011/06/06 20:04:56 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/06/06 20:04:56 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/06 20:04:55 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/06 20:04:54 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/06 20:04:54 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/06 20:04:54 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/06/06 20:04:54 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/06/06 20:04:54 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/06/06 20:04:51 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/06 20:04:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/06 20:04:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/06/06 20:04:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/06/06 20:04:50 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/06 20:04:50 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/06 20:04:50 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/06/06 20:04:50 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/06 20:04:50 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/06 20:04:50 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/06 20:04:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/06 20:04:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/06 20:04:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/06/06 20:04:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/06/06 20:04:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/06/06 20:04:48 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/06 20:04:47 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/06 20:04:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/06 20:04:45 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/06 20:04:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/06/06 20:04:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/06 20:04:45 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/06/06 20:04:45 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/06/06 20:04:44 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/06 20:04:44 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/06 20:04:44 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/06/06 20:04:43 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/06 20:04:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/06/06 20:04:43 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/06 20:04:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/06 20:04:42 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/06/06 19:50:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/06 18:33:19 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/06/06 18:21:14 | 000,075,776 | RHS- | M] () -- C:\Windows\System32\mciseqp.dll
[2011/06/06 17:32:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/06/06 17:23:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/06/06 14:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000Core.job
[2011/06/06 13:47:07 | 000,002,044 | ---- | M] () -- C:\Users\Carol\Desktop\Google Chrome.lnk
[2011/06/06 13:47:07 | 000,002,006 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/05 23:51:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/06/05 23:26:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/05/30 11:39:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/05/30 11:39:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/05/30 11:17:45 | 000,454,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 16:03:05 | 000,001,059 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/05/29 16:01:27 | 000,000,898 | ---- | M] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/05/29 13:37:42 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 18:15:10 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/05/28 18:15:09 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/05/27 14:10:30 | 000,005,334 | ---- | M] () -- C:\Users\Carol\AppData\Roaming\wklnhst.dat
[2011/05/27 12:06:56 | 000,001,356 | ---- | M] () -- C:\Users\Carol\AppData\Local\d3d9caps.dat
[2011/05/27 00:46:00 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2011/05/16 14:29:24 | 216,801,477 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/15 12:13:44 | 007,109,396 | ---- | M] () -- C:\Users\Carol\Desktop\Take That-Love Love.mp3
[2011/05/15 10:35:21 | 010,016,866 | ---- | M] () -- C:\Users\Carol\Desktop\Lady Gaga-Judas.mp3
[2011/05/14 20:08:02 | 000,053,192 | ---- | M] (Radialpoint Inc.) -- C:\Windows\System32\drivers\rp_skt32.sys
[2011/05/14 20:06:59 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk
[2011/05/14 13:50:16 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCarol.job
[2011/05/11 21:57:25 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/11 21:52:37 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/07 15:46:05 | 000,002,483 | ---- | C] () -- C:\Users\Carol\Desktop\HiJackThis.lnk
[2011/06/06 18:33:19 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | C] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/06/06 18:30:55 | 000,001,595 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/06/06 18:21:20 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\KJFTFQR.job
[2011/06/06 18:21:14 | 000,075,776 | RHS- | C] () -- C:\Windows\System32\mciseqp.dll
[2011/05/29 16:03:05 | 000,001,059 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2011/05/29 16:01:27 | 000,000,898 | ---- | C] () -- C:\Users\Carol\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/05/29 13:39:32 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011/05/14 20:06:59 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Virgin Media Security.lnk
[2011/05/14 19:28:21 | 010,016,866 | ---- | C] () -- C:\Users\Carol\Desktop\Lady Gaga-Judas.mp3
[2011/05/11 21:57:25 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/11 21:52:37 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/11 21:46:27 | 007,109,396 | ---- | C] () -- C:\Users\Carol\Desktop\Take That-Love Love.mp3
[2011/02/21 15:35:36 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/01/18 21:48:53 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010/10/31 17:14:21 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySAVI2WMV.dat
[2010/05/29 16:49:03 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/04/19 18:17:09 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/04 21:08:51 | 000,000,049 | -H-- | C] () -- C:\Users\Carol\AppData\Local\rec02.dat
[2010/03/20 16:41:24 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/03/20 16:16:48 | 000,201,692 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/03/10 11:37:03 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/03/07 11:40:03 | 000,005,084 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010/01/28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/24 17:34:32 | 099,969,166 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\Zuma's Revenge!.exe
[2009/11/06 19:05:51 | 000,148,840 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009/11/06 19:05:25 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009/11/04 18:24:53 | 000,029,696 | ---- | C] () -- C:\Windows\System32\pthread.dll
[2009/10/23 15:42:53 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2009/09/27 13:29:04 | 115,107,360 | ---- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/08/26 13:52:29 | 000,032,256 | -H-- | C] () -- C:\Users\Carol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 00:19:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/19 00:19:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/10 21:31:48 | 000,005,334 | ---- | C] () -- C:\Users\Carol\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 11:11:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/29 00:48:59 | 000,001,356 | ---- | C] () -- C:\Users\Carol\AppData\Local\d3d9caps.dat
[2009/06/11 04:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/05/30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/10/24 03:41:26 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008/10/24 03:27:13 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/10/24 03:02:15 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/10/24 03:02:15 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,454,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/03/17 10:29:38 | 000,618,496 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll

========== LOP Check ==========

[2010/11/13 21:01:33 | 000,000,000 | -HSD | M] -- C:\Users\Carol\AppData\Roaming\.#
[2011/04/22 14:57:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\.minecraft
[2009/08/16 22:25:02 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\7Wonders
[2010/12/13 21:30:44 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Amazon
[2010/04/17 17:48:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Arkadium
[2011/03/25 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Atari
[2011/06/06 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Azureus
[2011/06/06 19:42:32 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\BitTorrent
[2011/06/06 18:09:31 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/11/17 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\CupcakeCafe
[2011/02/27 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\DAEMON Tools Pro
[2011/01/30 12:10:56 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\dream-avi-to-wmv
[2010/12/22 21:04:59 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\FreeBurner
[2010/09/26 13:53:11 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\FreezeTag
[2011/02/11 22:32:43 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\funkitron
[2010/10/03 20:21:49 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\GetRightToGo
[2010/06/02 12:39:42 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\IcoFX
[2009/11/06 19:26:53 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Image Zone Express
[2009/11/14 16:41:46 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\iWin
[2009/08/11 00:47:00 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Magic Academy
[2010/03/07 11:33:49 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\NCH Swift Sound
[2011/04/05 09:40:44 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\PhotoSync
[2011/01/29 01:59:21 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\PlayFirst
[2009/11/06 19:26:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Printer Info Cache
[2011/02/21 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ProtectDISC
[2010/04/18 12:41:59 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Radialpoint
[2010/01/20 21:40:40 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\SecondLife
[2011/01/31 21:05:36 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\SulusGames
[2010/10/30 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Super-Cow
[2011/02/22 18:14:08 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\SystemRequirementsLab
[2009/08/10 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Template
[2011/01/31 21:06:25 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\TripleHippo
[2011/06/07 08:04:12 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\TuneUpMedia
[2010/12/22 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ValuSoft
[2010/01/10 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\ViquaSoft
[2011/05/14 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Virgin Media
[2010/03/06 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\VistaCodecs
[2009/11/18 22:26:25 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\Wildgames_JanesRealty
[2009/07/30 01:29:14 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\WinBatch
[2010/05/31 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\World-Loom
[2009/11/08 14:24:33 | 000,000,000 | ---D | M] -- C:\Users\Carol\AppData\Roaming\YoudaGames
[2011/05/30 11:39:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/05 23:51:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/06/06 17:23:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/05/28 18:15:09 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/06/06 17:32:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/05/30 11:39:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/06/05 23:26:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/05/28 18:15:10 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/06/07 17:44:43 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\Tasks\KJFTFQR.job
[2011/06/07 17:42:28 | 000,032,556 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 

I don't know whether this has got anything to do with a virus, we've had problems with it in the past so thought I'd mention it. Our Virgin Media security has just popped up saying that Rundll32 has been blocked from accessing the internet, it shows that there's 3 of these running in Task Manager as shown below. Also the web browser is still redirecting pages to odd sites which have nothing to do with what I'm looking for..


The MBAM scan has come back clear, here is the log..



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6788

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

08/06/2011 10:10:59
mbam-log-2011-06-08 (10-10-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 740275
Time elapsed: 15 hour(s), 32 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Attachment: taskmanager.jpg (29 KB)

I will notify our malware expert and see if she is available to help :) Please be patient because she may not be here for a while due to time zones etc.

Tom
 
