Windows 7 Forums


Windows 7: Help! - Any advice on trojans removal ?

10 Jan 2010   #11
shiphen

Windows7 Pro x64
 
 

GROAN - worse and worse!
I just tried to boot in Safe Mode but the screen stays completely blank - even after about 5 minutes.
Here is a list of my hardware:

Motherboard: Intel DP55WB MA TX
Processor: Intel Core I5 750 2.66GHz
RAM: (2GB 1066 DDR3 Memory) x4 modules
Hard disk: Seagate 500Gb, RPM: 7200, Cache:32MB, SATA
Graphics card: XTF 9500GT 512Mb
Operating system: Windows7 Pro 64Bit
Power supply: 500W ATX 12v 80+ PSU
DVD: DVD-RWSATA
Mouse: Microsoft Intellimouse Explorer Tilt Wheel Mouse
Keyboard: Microsoft Ergonomic 400 USB Keyboard
Case: Midi Tower

How do I get the damned thing OUT of safe mode (which is invisible for some reason on my system!)


Ship


10 Jan 2010   #12
K3VL4R

Windows 7 Ultimate X64
 
 

Just hold down the power button until it turns off. Then start it up again and try to get into safe mode again. Just select "safe mode"; you do not need anything else like networking or any of the other options listed.
10 Jan 2010   #13
theog

Microsoft Community Contributor Award Recipient

ME/XP/Vista/Win7
 
 

Try doing a system-restore:

System Restore

10 Jan 2010   #14
shiphen

Windows7 Pro x64
 
 

Gads - okay I have now discovered that the NVIDIA XTF 9500GT graphics card has a second graphics port (the old fashioned sort) and I have managed to hook up an old monitor to it - gads they don't make this stuff easy do they!

Right, so now I am in Safe Mode, I have uninstalled AVG free, and I am running MRT (the Microsoft Malicious Software Removal Tool).
I have already run Microsoft Security Essentials but it didn't find anything.
Ship
10 Jan 2010   #15
shiphen

Windows7 Pro x64
 
 

For clarification, that was why my screen was staying BLANK every time I tried to go into Safe Mode - the graphics card was talking to the OLD style graphics port (which strangely is also the one that is FURTHEST from the rest of the card)!

OK now I am re-running all the scans at once: i.e.
- A-Squared Free
- MalwareBytes (Anti-Malware)
- Microsoft Security Essentials
- Microsoft Malicious Software Removal Tool
- Spybot Search & Destroy

I'll let them all run and come back and see what if anything they find...

Ship
10 Jan 2010   #16
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote:
BACKGROUND
At the bottom right of my Windows7 screen, the Action Center gave me the following alerts:
- "Remove the W32/Gaobot.worm.genu - Win32/RBot.3eu!Worm virus"
and
- "Remove the Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm virus"

How were you notified that these Bots and password stealers were on your computer, if AVG didn't notify you?
Did this happen when you were on a web page or by opening a malicious e-mail?

First of all, flush your DNS cache:
Open a command prompt: from the Start menu, select Run and, in the "Open" field, enter cmd.exe
Then enter ipconfig /flushdns and press Enter.

Next, download the HostsXpert 4.3 - Hosts File Manager.
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Now, using a known "CLEAN" computer, change all your passwords.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

**** This OTL log will take more than one reply window, so be aware of that.
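
What the hosts-file reset in the steps above guards against, as an added example (not part of the original post and not HostsXpert's code): a Python audit that lists every active hosts entry other than `localhost`. The sample file contents and the `.example` names are constructed, and treating only `localhost` as a default name is an assumption.

```python
import ipaddress
import sys

# Assumption for this example: a stock hosts file maps nothing but "localhost".
DEFAULT_NAMES = {"localhost"}

# Usual location on Windows; used only when the script is run directly.
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Yield (line_no, address_text, names) for each active line.

    Everything after '#' is a comment; blank and comment-only lines are skipped.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return findings as (line_no, kind, address, names).

    kind is one of:
      "blocked"    - a non-default name pinned to loopback or 0.0.0.0,
                     so lookups for it never leave the machine
      "redirected" - a non-default name pinned to some other address
      "malformed"  - the line has no valid address or no host name
    """
    findings = []
    for line_no, address_text, names in parse_hosts(text):
        try:
            address = ipaddress.ip_address(address_text)
        except ValueError:
            findings.append((line_no, "malformed", address_text, names))
            continue
        if not names:
            findings.append((line_no, "malformed", address_text, names))
            continue
        extra = [name for name in names if name not in DEFAULT_NAMES]
        if not extra:
            continue  # plain localhost mapping, nothing to report
        if address.is_loopback or address.is_unspecified:
            kind = "blocked"
        else:
            kind = "redirected"
        findings.append((line_no, kind, address_text, extra))
    return findings


# Constructed sample: a default-looking file with four added lines.
SAMPLE = "\n".join([
    "# Copyright (c) 1993-2009 Microsoft Corp.",
    "#      127.0.0.1       localhost",
    "127.0.0.1       localhost",
    "::1             localhost",
    "127.0.0.1       updates.antivirus.example   # constructed entry",
    "203.0.113.10    www.bank.example login.bank.example",
    "0.0.0.0         scan.antivirus.example",
    "bogus           host.example",
])


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else WINDOWS_HOSTS
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        for line_no, kind, address, names in audit_hosts(handle.read()):
            print(f"line {line_no}: {kind:10} {address} -> {', '.join(names)}")
```

An empty result means the file maps only `localhost`; any "blocked" or "redirected" line is an entry that restoring the default file would remove, so custom entries you want to keep need to be noted first.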
11 Jan 2010   #17
shiphen

Windows7 Pro x64
 
 

Thanks so much guys - love that list Jav - I am working my way through it.
My main problem right now is that my (64bit Windows7) PC has a NVIDIA GeForce GTX 9500 graphics card and when I boot from CD it defaults to the (old-fashioned) graphics port (VGA??) and I don't have a working monitor for it! [Aaaaaargh!]

Btw, word on the street is that Combofix is the best utility but I can't find a 64bit version for it...


Ship
11 Jan 2010   #18
shiphen

Windows7 Pro x64
 
 

I just wrote a long explanation of what I've been up to but this darned website crashed on me. Here is OTL.txt
11 Jan 2010   #19
shiphen

Windows7 Pro x64
 
 

OTL logfile created on: 11/01/2010 23:45:26 - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\XXXX\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

Code:
8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 82.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 433.07 Gb Free Space | 93.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXX09
Current User Name: XXXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\XXXX\AppData\Local\Temp\Temp1_HostsXpert.zip\HostsXpert\HostsXpert.exe (funkytoad.com)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Everything\Everything.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XXXX\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 03:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 03:20:14 | 00,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (CSC) -- C:\Windows\CSC [2010/01/05 10:11:39 | 00,000,000 | ---D | M]
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.XXXXgolf.co.uk/t1/t1/launch.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 E3 FD C7 E8 8F CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.XXXXgolf.co.uk/t1/t1/launch.html"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.464
FF - prefs.js..extensions.enabledItems: {b4e481a8-9ef7-47ff-8512-dc865ba752bd}:1.1.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7
FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/11 19:38:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/11 19:37:41 | 00,000,000 | ---D | M]
 
[2010/01/07 22:28:34 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla\Extensions
[2010/01/07 22:28:34 | 00,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/11 13:49:25 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkmp1sbs.default\extensions
[2010/01/07 23:37:46 | 00,000,000 | ---D | M] (Zen Usage Viewer) -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkmp1sbs.default\extensions\{b4e481a8-9ef7-47ff-8512-dc865ba752bd}
[2010/01/09 12:16:30 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\rkmp1sbs.default\extensions\LogMeInClient@logmein.com
[2010/01/10 21:24:51 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/07 22:19:19 | 00,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/10 21:24:52 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/12/22 17:41:43 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/22 17:41:44 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/22 17:41:45 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/12/22 02:32:20 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/22 02:32:20 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/01/08 21:05:27 | 00,001,353 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/12/22 02:32:20 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/22 02:32:20 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/22 02:32:20 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/12/22 02:32:20 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/22 02:32:20 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (698 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\306313.lnk = C:\Users\XXXX\AppData\Local\Temp\nvscv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4604f6de-f9e9-11de-b431-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4604f6de-f9e9-11de-b431-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/01/11 23:37:32 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2010/01/11 23:33:23 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\HostsXpert
[2010/01/11 23:03:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2010/01/11 22:50:28 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Yahoo!
[2010/01/11 22:50:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/01/11 19:35:37 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/11 18:52:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/01/11 18:26:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\process explorer
[2010/01/11 15:47:48 | 00,093,872 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\drivers\SBREDrv.sys
[2010/01/11 15:47:48 | 00,027,944 | ---- | C] (Sunbelt Software) -- C:\Windows\SysWow64\sbbd.exe
[2010/01/11 15:47:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VIPRERESCUE
[2010/01/11 14:51:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Process Monitor
[2010/01/10 21:23:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/01/10 21:23:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/01/10 21:23:48 | 00,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/01/10 18:06:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/01/10 12:32:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/01/10 12:32:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/10 12:20:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/10 12:20:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/01/10 11:05:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free
[2010/01/10 10:41:17 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2010/01/10 10:41:12 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/10 10:41:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/10 10:38:50 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/10 10:38:44 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/10 10:38:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/01/10 10:14:07 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2010/01/09 23:39:14 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\{C0B133B8-33F7-401B-A331-5780D8F885A9}
[2010/01/09 23:34:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010/01/09 19:24:49 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/01/09 19:12:42 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/01/09 19:09:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/01/09 19:09:10 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Adobe
[2010/01/09 19:08:58 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/01/09 19:08:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010/01/09 16:43:16 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Foxit
[2010/01/09 13:57:47 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010/01/09 13:57:31 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Macromedia
[2010/01/09 13:56:07 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Adobe
[2010/01/09 13:56:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/01/09 13:56:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/01/09 13:55:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/01/09 13:54:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/01/09 12:55:15 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Documents\My Maps
[2010/01/09 12:54:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2010/01/09 12:44:30 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\{7C480F86-91B2-4DE0-9E83-A05DD0140F5C}
[2010/01/09 12:41:24 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Mindjet
[2010/01/09 12:40:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mindjet
[2010/01/09 12:36:30 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/01/09 12:22:14 | 00,031,744 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2010/01/09 11:25:42 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Van Dyke Technologies
[2010/01/09 11:24:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AbsoluteFTP
[2010/01/09 11:10:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Xara
[2010/01/09 11:09:49 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/01/09 09:59:41 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Documents\Xara_Xara Xtreme Pro 5
[2010/01/09 09:59:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Magix
[2010/01/09 09:34:12 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Xara
[2010/01/09 09:34:12 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\MAGIX
[2010/01/09 09:34:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Xara
[2010/01/08 22:47:36 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\.oit
[2010/01/08 22:45:04 | 00,000,000 | ---D | C] -- C:\ProgramData\X1 Updater
[2010/01/08 22:45:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\X1
[2010/01/08 22:05:15 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/01/08 21:30:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/01/08 21:30:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/01/08 21:30:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/01/08 21:30:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/01/08 21:27:27 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2010/01/08 18:00:38 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Diagnostics
[2010/01/08 08:35:23 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Helios
[2010/01/08 08:24:15 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\PolyEdit Lite
[2010/01/08 00:21:10 | 00,000,000 | ---D | C] -- C:\Docs
[2010/01/08 00:20:16 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\TeamViewer
[2010/01/08 00:20:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010/01/08 00:19:45 | 00,000,000 | ---D | C] -- C:\Users\XXXX\temp
[2010/01/08 00:13:36 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\skypePM
[2010/01/08 00:10:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/01/07 23:58:47 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\WTablet
[2010/01/07 23:58:43 | 09,104,680 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomTablet.cpl
[2010/01/07 23:58:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2010/01/07 23:58:40 | 00,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2010/01/07 23:58:33 | 00,015,656 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2010/01/07 23:58:29 | 00,018,216 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys
[2010/01/07 23:58:29 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\WTablet
[2010/01/07 23:58:26 | 05,521,192 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wacom_Tablet.exe
[2010/01/07 23:58:26 | 00,486,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wacom_Tablet.dll
[2010/01/07 23:58:26 | 00,412,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wacom_Tablet.dll
[2010/01/07 23:58:26 | 00,350,208 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2010/01/07 23:58:26 | 00,285,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2010/01/07 23:58:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Tablet
[2010/01/07 23:23:02 | 00,000,000 | ---D | C] -- C:\PSTs
[2010/01/07 23:16:03 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Seldom Used
[2010/01/07 22:56:41 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Deployment
[2010/01/07 22:56:41 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Apps
[2010/01/07 22:53:38 | 00,000,000 | ---D | C] -- C:\Users\XXXX\Documents\Downloads
[2010/01/07 22:48:00 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Google
[2010/01/07 22:47:54 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Google
[2010/01/07 22:47:49 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/07 22:28:29 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Mozilla
[2010/01/07 22:28:29 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Mozilla
[2010/01/07 22:25:59 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Searches
[2010/01/07 22:25:57 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Identities
[2010/01/07 22:25:55 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Contacts
[2010/01/07 22:25:55 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\VirtualStore
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\AppData\Local\Temporary Internet Files
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Templates
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Start Menu
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\SendTo
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Recent
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\PrintHood
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\NetHood
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Documents\My Videos
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Documents\My Pictures
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Documents\My Music
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\My Documents
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Local Settings
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\AppData\Local\History
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Cookies
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\Application Data
[2010/01/07 22:25:53 | 00,000,000 | -HSD | C] -- C:\Users\XXXX\AppData\Local\Application Data
[2010/01/07 22:25:52 | 00,000,000 | --SD | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Videos
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Saved Games
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Pictures
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Music
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Links
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Favorites
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Downloads
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Documents
[2010/01/07 22:25:52 | 00,000,000 | R--D | C] -- C:\Users\XXXX\Desktop
[2010/01/07 22:25:52 | 00,000,000 | -H-D | C] -- C:\Users\XXXX\AppData
[2010/01/07 22:25:52 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Temp
[2010/01/07 22:25:52 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Microsoft
[2010/01/07 22:25:52 | 00,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Media Center Programs
[2010/01/07 22:19:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/01/07 21:24:52 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/01/07 21:16:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/01/05 18:10:37 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2010/01/05 13:23:57 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/01/05 13:23:18 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/01/05 12:20:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/01/05 11:19:05 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/01/05 11:18:45 | 00,541,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2010/01/05 11:15:35 | 14,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/01/05 11:15:35 | 11,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/01/05 11:15:34 | 12,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/01/05 11:15:34 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/01/05 11:15:34 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/01/05 11:15:34 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/01/05 11:15:34 | 01,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/01/05 11:15:34 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/01/05 11:15:34 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/01/05 11:15:34 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/01/05 11:15:34 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/01/05 11:15:34 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/01/05 11:15:34 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/01/05 11:15:34 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/01/05 11:15:22 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/01/05 11:15:21 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/01/05 11:15:21 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/01/05 11:06:04 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/01/05 11:05:53 | 00,342,656 | R--- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe
[2010/01/05 11:05:27 | 00,273,072 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1k62x64.sys
[2010/01/05 11:05:27 | 00,072,288 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1kmsg.dll
[2010/01/05 11:05:27 | 00,036,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicCo36.dll
[2010/01/05 11:05:25 | 00,078,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstK.dll
[2010/01/05 11:03:02 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/01/05 11:03:02 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/01/05 11:02:54 | 00,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/01/05 11:02:54 | 00,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/01/05 11:02:54 | 00,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/01/05 11:02:53 | 01,552,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010/01/05 11:02:53 | 01,272,352 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010/01/05 11:02:53 | 00,417,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010/01/05 11:02:53 | 00,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010/01/05 11:02:53 | 00,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/01/05 11:02:53 | 00,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010/01/05 11:02:52 | 01,163,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010/01/05 11:02:52 | 00,611,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010/01/05 11:02:52 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/01/05 11:02:52 | 00,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/01/05 11:02:52 | 00,066,080 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010/01/05 11:02:51 | 00,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/01/05 11:02:50 | 00,176,640 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll
[2010/01/05 11:02:50 | 00,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010/01/05 11:02:50 | 00,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010/01/05 11:02:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/01/05 11:02:49 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/01/05 11:02:49 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/01/05 11:02:48 | 00,540,672 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/01/05 11:02:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/01/05 11:01:01 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/01/05 11:01:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/01/05 11:00:59 | 00,000,000 | ---D | C] -- C:\Intel
[2010/01/05 11:00:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/01/05 11:00:16 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/01/05 11:00:13 | 00,000,000 | ---D | C] -- C:\TempEI4
[2010/01/05 10:54:50 | 00,000,000 | -HSD | C] -- C:\Recovery
[2010/01/05 10:54:47 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/01/05 10:11:43 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/01/05 10:11:11 | 00,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2010/01/11 23:47:00 | 02,359,296 | -HS- | M] () -- C:\Users\XXXX\NTUSER.DAT
[2010/01/11 23:37:36 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2010/01/11 23:36:43 | 00,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/01/11 23:33:09 | 00,353,485 | ---- | M] () -- C:\Users\XXXX\Desktop\HostsXpert.zip
[2010/01/11 23:22:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1000UA.job
[2010/01/11 23:21:17 | 00,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/11 23:21:17 | 00,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/11 23:18:28 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/11 23:18:28 | 00,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/11 23:18:28 | 00,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/11 23:14:24 | 00,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/11 23:14:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/11 23:14:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/11 23:13:53 | 21,399,42911 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/11 23:09:38 | 02,876,814 | -H-- | M] () -- C:\Users\XXXX\AppData\Local\IconCache.db
[2010/01/11 23:03:07 | 00,001,079 | ---- | M] () -- C:\Users\XXXX\Desktop\Search Everything.lnk
[2010/01/11 23:02:54 | 00,341,811 | ---- | M] () -- C:\Users\XXXX\Desktop\Everything-1.2.1.371.exe
[2010/01/11 22:58:00 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1003UA.job
[2010/01/11 22:57:00 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1003Core.job
[2010/01/11 22:52:00 | 00,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/11 22:50:21 | 00,001,933 | ---- | M] () -- C:\Users\XXXX\Desktop\CCleaner.lnk
[2010/01/11 19:18:58 | 52,428,8000 | ---- | M] () -- C:\.fuse_hidden0000000200000001
[2010/01/11 18:44:27 | 00,001,555 | ---- | M] () -- C:\Users\XXXX\Desktop\procexp.exe - Shortcut.lnk
[2010/01/11 18:25:04 | 01,615,732 | ---- | M] () -- C:\Users\XXXX\Desktop\ProcessExplorer.zip
[2010/01/11 16:01:04 | 00,001,035 | ---- | M] () -- C:\Users\XXXX\Desktop\TextPad.lnk
[2010/01/10 22:22:00 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1000Core.job
[2010/01/10 21:24:41 | 00,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/01/10 21:24:41 | 00,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/01/10 21:23:48 | 00,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/01/10 21:22:02 | 02,972,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/10 18:01:57 | 03,168,344 | ---- | M] () -- C:\Users\XXXX\Desktop\Satellite_image_of_snow-covered_Great_Britain_on_7_January_2010.jpg
[2010/01/10 12:32:56 | 00,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/01/10 12:05:01 | 00,072,541 | ---- | M] () -- C:\Users\XXXX\Desktop\AVG_virus_vault_2010-01-10.gif
[2010/01/10 11:22:13 | 00,001,027 | ---- | M] () -- C:\Users\XXXX\Desktop\a-squared Free.lnk
[2010/01/10 11:22:02 | 00,001,075 | ---- | M] () -- C:\Users\XXXX\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 09:46:40 | 00,001,286 | ---- | M] () -- C:\Users\XXXX\Desktop\Control_Alt_A__batch_file.bat - Shortcut.lnk
[2010/01/10 09:46:30 | 00,001,286 | ---- | M] () -- C:\Users\XXXX\Desktop\Control_Alt_W__batch_file.bat - Shortcut.lnk
[2010/01/10 00:25:10 | 00,001,458 | ---- | M] () -- C:\Users\XXXX\Desktop\Internet Explorer (64-bit).lnk
[2010/01/10 00:01:25 | 00,000,948 | ---- | M] () -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\306313.lnk
[2010/01/10 00:00:21 | 00,089,752 | ---- | M] () -- C:\Users\XXXX\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/09 23:51:44 | 00,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Xara Xtreme Pro 5.lnk
[2010/01/09 23:40:32 | 00,002,886 | ---- | M] () -- C:\Users\Public\Desktop\Mindjet MindManager 8.lnk
[2010/01/09 23:37:31 | 00,001,024 | ---- | M] () -- C:\Users\XXXX\Desktop\7-Zip File Manager.lnk
[2010/01/09 22:54:31 | 00,001,205 | ---- | M] () -- C:\Users\XXXX\Desktop\Adobe Dreamweaver CS4.lnk
[2010/01/09 16:43:49 | 03,451,056 | ---- | M] () -- C:\Users\XXXX\Desktop\U.S. Preventive Medicine Comprehensive Business Plan June 2008.PDF
[2010/01/09 14:02:22 | 00,001,181 | ---- | M] () -- C:\Users\XXXX\Desktop\Adobe Photoshop CS4.lnk
[2010/01/09 14:02:16 | 00,001,202 | ---- | M] () -- C:\Users\XXXX\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[2010/01/09 12:39:01 | 00,000,256 | ---- | M] () -- C:\Windows\SysWow64\pool.bin
[2010/01/09 12:27:30 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/01/09 12:09:27 | 00,000,224 | -H-- | M] () -- C:\ProgramData\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2010/01/09 00:32:58 | 00,002,558 | ---- | M] () -- C:\Users\XXXX\Documents\AMSS_Certificate_Export.pfx
[2010/01/08 22:40:13 | 00,001,920 | ---- | M] () -- C:\Users\XXXX\Desktop\SCANPST - Shortcut.lnk
[2010/01/08 22:17:29 | 00,002,675 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Word 2003.lnk
[2010/01/08 22:17:25 | 00,002,563 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Visio 2003.lnk
[2010/01/08 22:17:21 | 00,002,651 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Project 2003.lnk
[2010/01/08 22:17:16 | 00,002,645 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/01/08 22:17:09 | 00,002,693 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Outlook 2003.lnk
[2010/01/08 22:17:05 | 00,002,677 | ---- | M] () -- C:\Users\XXXX\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/08 22:11:19 | 00,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/01/08 22:10:38 | 00,000,499 | ---- | M] () -- C:\Windows\win.ini
[2010/01/08 21:52:34 | 00,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/01/08 00:13:36 | 00,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/01/07 22:57:41 | 00,001,024 | ---- | M] () -- C:\.rnd
[2010/01/07 22:53:23 | 00,002,248 | ---- | M] () -- C:\Users\XXXX\Desktop\Google Chrome.lnk
[2010/01/07 22:25:53 | 00,524,288 | -HS- | M] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/01/07 22:25:53 | 00,524,288 | -HS- | M] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 22:25:53 | 00,065,536 | -HS- | M] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/01/07 22:25:53 | 00,000,020 | -HS- | M] () -- C:\Users\XXXX\ntuser.ini
[2010/01/07 22:19:19 | 00,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/07 21:16:20 | 00,002,677 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Keyboard.lnk
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/05 10:13:42 | 00,040,833 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/01/05 10:13:42 | 00,040,833 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2010/01/11 23:33:08 | 00,353,485 | ---- | C] () -- C:\Users\XXXX\Desktop\HostsXpert.zip
[2010/01/11 23:03:07 | 00,001,079 | ---- | C] () -- C:\Users\XXXX\Desktop\Search Everything.lnk
[2010/01/11 23:02:47 | 00,341,811 | ---- | C] () -- C:\Users\XXXX\Desktop\Everything-1.2.1.371.exe
[2010/01/11 22:50:21 | 00,001,933 | ---- | C] () -- C:\Users\XXXX\Desktop\CCleaner.lnk
[2010/01/11 19:18:36 | 52,428,8000 | ---- | C] () -- C:\.fuse_hidden0000000200000001
[2010/01/11 18:44:27 | 00,001,555 | ---- | C] () -- C:\Users\XXXX\Desktop\procexp.exe - Shortcut.lnk
[2010/01/11 18:25:01 | 01,615,732 | ---- | C] () -- C:\Users\XXXX\Desktop\ProcessExplorer.zip
[2010/01/11 16:01:04 | 00,001,035 | ---- | C] () -- C:\Users\XXXX\Desktop\TextPad.lnk
[2010/01/10 21:24:41 | 00,143,387 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/01/10 21:24:41 | 00,104,987 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/01/10 18:01:57 | 03,168,344 | ---- | C] () -- C:\Users\XXXX\Desktop\Satellite_image_of_snow-covered_Great_Britain_on_7_January_2010.jpg
[2010/01/10 12:32:56 | 00,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/01/10 12:14:54 | 00,000,948 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\306313.lnk
[2010/01/10 12:05:01 | 00,072,541 | ---- | C] () -- C:\Users\XXXX\Desktop\AVG_virus_vault_2010-01-10.gif
[2010/01/10 11:22:13 | 00,001,027 | ---- | C] () -- C:\Users\XXXX\Desktop\a-squared Free.lnk
[2010/01/10 11:22:02 | 00,001,075 | ---- | C] () -- C:\Users\XXXX\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 09:45:56 | 00,001,286 | ---- | C] () -- C:\Users\XXXX\Desktop\Control_Alt_A__batch_file.bat - Shortcut.lnk
[2010/01/10 09:45:51 | 00,001,286 | ---- | C] () -- C:\Users\XXXX\Desktop\Control_Alt_W__batch_file.bat - Shortcut.lnk
[2010/01/10 00:25:10 | 00,001,458 | ---- | C] () -- C:\Users\XXXX\Desktop\Internet Explorer (64-bit).lnk
[2010/01/09 23:40:32 | 00,002,886 | ---- | C] () -- C:\Users\Public\Desktop\Mindjet MindManager 8.lnk
[2010/01/09 23:37:31 | 00,001,024 | ---- | C] () -- C:\Users\XXXX\Desktop\7-Zip File Manager.lnk
[2010/01/09 22:54:31 | 00,001,205 | ---- | C] () -- C:\Users\XXXX\Desktop\Adobe Dreamweaver CS4.lnk
[2010/01/09 16:41:00 | 03,451,056 | ---- | C] () -- C:\Users\XXXX\Desktop\U.S. Preventive Medicine Comprehensive Business Plan June 2008.PDF
[2010/01/09 14:02:22 | 00,001,181 | ---- | C] () -- C:\Users\XXXX\Desktop\Adobe Photoshop CS4.lnk
[2010/01/09 14:02:16 | 00,001,202 | ---- | C] () -- C:\Users\XXXX\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[2010/01/09 12:27:30 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/01/09 12:24:04 | 00,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/01/09 12:09:27 | 00,000,224 | -H-- | C] () -- C:\ProgramData\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2010/01/09 11:10:34 | 00,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Xara Xtreme Pro 5.lnk
[2010/01/09 00:32:55 | 00,002,558 | ---- | C] () -- C:\Users\XXXX\Documents\AMSS_Certificate_Export.pfx
[2010/01/08 22:40:13 | 00,001,920 | ---- | C] () -- C:\Users\XXXX\Desktop\SCANPST - Shortcut.lnk
[2010/01/08 22:17:29 | 00,002,675 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Word 2003.lnk
[2010/01/08 22:17:25 | 00,002,563 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Visio 2003.lnk
[2010/01/08 22:17:21 | 00,002,651 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Project 2003.lnk
[2010/01/08 22:17:16 | 00,002,645 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office PowerPoint 2003.lnk
[2010/01/08 22:17:09 | 00,002,693 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Outlook 2003.lnk
[2010/01/08 22:17:05 | 00,002,677 | ---- | C] () -- C:\Users\XXXX\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/08 00:13:36 | 00,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/07 23:58:43 | 01,653,980 | ---- | C] () -- C:\Windows\SysNative\WacomTablet.znc
[2010/01/07 22:57:40 | 00,001,024 | ---- | C] () -- C:\.rnd
[2010/01/07 22:53:23 | 00,002,248 | ---- | C] () -- C:\Users\XXXX\Desktop\Google Chrome.lnk
[2010/01/07 22:53:00 | 00,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1003UA.job
[2010/01/07 22:52:59 | 00,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1003Core.job
[2010/01/07 22:47:57 | 00,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/07 22:47:56 | 00,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/07 22:45:20 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/07 22:25:53 | 00,524,288 | -HS- | C] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/01/07 22:25:53 | 00,524,288 | -HS- | C] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/01/07 22:25:53 | 00,065,536 | -HS- | C] () -- C:\Users\XXXX\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/01/07 22:25:53 | 00,000,020 | -HS- | C] () -- C:\Users\XXXX\ntuser.ini
[2010/01/07 22:25:52 | 02,359,296 | -HS- | C] () -- C:\Users\XXXX\NTUSER.DAT
[2010/01/07 22:19:19 | 00,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/01/07 22:17:08 | 00,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1000UA.job
[2010/01/07 22:17:07 | 00,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1371372046-1498751470-1065098117-1000Core.job
[2010/01/07 21:16:20 | 00,002,677 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Keyboard.lnk
[2010/01/05 11:05:53 | 00,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2010/01/05 11:05:27 | 00,003,127 | ---- | C] () -- C:\Windows\SysNative\e1k62x64.din
[2010/01/05 10:11:11 | 21,399,42911 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/13 23:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/14 14:29:30 | 00,008,520 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2007/04/27 11:43:58 | 00,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010/01/10 02:00:17 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\.oit
[2010/01/09 16:43:16 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Foxit
[2010/01/08 08:35:23 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Helios
[2010/01/09 09:34:12 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MAGIX
[2010/01/08 08:24:15 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\PolyEdit Lite
[2010/01/09 17:27:55 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TeamViewer
[2010/01/09 11:25:42 | 00,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Van Dyke Technologies
[2009/07/14 05:08:49 | 00,007,310 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
11 Jan 2010   #20
shiphen

Windows7 Pro x64
 
 

And here is Extras.txt

Code:
OTL Extras logfile created on: 11/01/2010 23:45:26 - Run 1
OTL by OldTimer - Version 3.1.24.0     Folder = C:\Users\XXXX\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 82.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 433.07 Gb Free Space | 93.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXX09
Current User Name: XXXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{59B4B93D-FC47-4F16-AE8E-CD103F022654}" = Microsoft Security Essentials
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EEEFE7A9-293E-4F5F-A114-81731A9C3826}" = Intel(R) Network Connections 14.2.100.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) Network Connections 14.2.100.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0236C1B8-A699-4A8F-9121-36B41FFDB33A}" = Mindjet MindManager 8
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{2BF52D77-1DF7-4391-85B3-AE45CEE8BD86}" = Xara Xtreme Pro 5
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.10 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"CCleaner" = CCleaner
"Everything" = Everything 1.2.1.371
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Wacom Tablet Driver" = Wacom Tablet
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/01/2010 18:33:52 | Computer Name = XXXX09 | Source = ESENT | ID = 902
Description = Windows (1560) Windows: The database engine detected multiple threads
 illegally using the same database session to perform database operations.     SessionId:
 0x0000000001351100     Session-context: 0x00000000     Session-context ThreadId: 0x00000000000013F4

    Current
 ThreadId: 0x00000000000013FC
 
Error - 10/01/2010 18:33:52 | Computer Name = XXXX09 | Source = ESENT | ID = 902
Description = Windows (1560) Windows: The database engine detected multiple threads
 illegally using the same database session to perform database operations.     SessionId:
 0x0000000001351100     Session-context: 0x00000000     Session-context ThreadId: 0x00000000000013F4

    Current
 ThreadId: 0x00000000000013FC
 
Error - 10/01/2010 18:33:52 | Computer Name = XXXX09 | Source = ESENT | ID = 902
Description = Windows (1560) Windows: The database engine detected multiple threads
 illegally using the same database session to perform database operations.     SessionId:
 0x0000000001351100     Session-context: 0x00000000     Session-context ThreadId: 0x00000000000013F4

    Current
 ThreadId: 0x00000000000013FC
 
Error - 10/01/2010 20:30:17 | Computer Name = XXXX09 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\LogMeIn\x86\LogMeInToolkit.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 10/01/2010 20:30:20 | Computer Name = XXXX09 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 10/01/2010 20:30:31 | Computer Name = XXXX09 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program 
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 11/01/2010 11:09:31 | Computer Name = XXXX09 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11/01/2010 11:18:54 | Computer Name = XXXX09 | Source = SPP | ID = 16388
Description = 
 
Error - 11/01/2010 11:18:55 | Computer Name = XXXX09 | Source = SPP | ID = 16388
Description = 
 
Error - 11/01/2010 14:43:45 | Computer Name = XXXX09 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\LogMeIn\x64\LogMeInToolkit.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
[ System Events ]
Error - 11/01/2010 15:49:27 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid 
current state 32.
 
Error - 11/01/2010 18:47:16 | Computer Name = XXXX09 | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\SBREdrv.sys has been blocked from 
loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 11/01/2010 18:47:41 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 11/01/2010 18:50:41 | Computer Name = XXXX09 | Source = bowser | ID = 8003
Description = 
 
Error - 11/01/2010 19:09:44 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid 
current state 32.
 
Error - 11/01/2010 19:13:51 | Computer Name = XXXX09 | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\SBREdrv.sys has been blocked from 
loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 11/01/2010 19:14:08 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 11/01/2010 19:14:14 | Computer Name = XXXX09 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 11/01/2010 19:22:11 | Computer Name = XXXX09 | Source = bowser | ID = 8003
Description = 
 
Error - 11/01/2010 19:34:11 | Computer Name = XXXX09 | Source = bowser | ID = 8003
Description = 
 
 
< End of report >