Complete internet slowdown; ? virus/spyware/trojan/malware

Solved Complete internet slowdown; ? virus/spyware/trojan/malware

Post by ghendo on 1st March 2010, 11:11 am

Hi guys,

I think I've got something nasty in my system. My desktop computer web browsers (IE 8 and Firefox) have suddenly slowed down to the point where pages don't load at all. But it's very weird: my internet connection and the wireless network seem to be working fine (no problem accessing the 'net on my wife's laptop), and other applications on my desktop that require an internet connection seem to work (eg. I can play WoW). It's just the web browsers that seem affected.

An IT friend of mine had a look at it the other day. He couldn't find the exact cause, but noticed that there was an awful lot of internet activity even when the system should have been idling. He then played around in cmd and noticed that my computer seemed to be constantly spamming all these random overseas computers, and thought that might explain my slowdown. That was all he could come up with, so I was hoping you guys could help!

I've done all the obvious things: full scan with ZoneAlarm AV and a few other anti-malware programs, registry cleans, resetting IE settings, resetting winsock and trying winsock XP fix. Nothing's worked, so now I've tried HijackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:30 PM, on 1/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Logitech\G35\G35.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Gavin\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0CB8CB24-AC61-4445-AB19-744DE4AD1331} - C:\WINDOWS\System32\ds16gt32.dll
O2 - BHO: (no name) - {15BE9E6D-7D53-4478-9F6D-587B6741305e} - C:\WINDOWS\System32\dbghelp32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NVCLOCK] Rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PDF Converter Elite Print Dispatcher] C:\Program Files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\WINDOWS\System32\blackbox32.dll
O20 - Winlogon Notify: 249f34d2810 - C:\WINDOWS\System32\blackbox32.dll
O20 - Winlogon Notify: __c0051D1E - C:\WINDOWS\system32\__c0051D1E.dat (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - (no file)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 16181 bytes


Would really appreciate any help you can provide, cheers!

ghendo


Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by Belahzur on 1st March 2010, 10:34 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by ghendo on 2nd March 2010, 6:22 am

Hey Belahzur, here are those two OTL logs:

OTL logfile created on: 2/03/2010 5:05:23 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Gavin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 282.76 Gb Free Space | 40.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 186.30 Gb Total Space | 26.25 Gb Free Space | 14.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAVIN-1
Current User Name: Gavin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/02 16:50:56 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gavin\Desktop\OTL.exe
PRC - [2010/02/08 17:16:54 | 000,665,008 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/12/22 01:57:28 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2009/12/12 06:00:44 | 013,006,104 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/11/13 16:15:04 | 000,053,248 | ---- | M] (pdfconverter.com) -- C:\Program Files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe
PRC - [2009/10/17 00:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/10/17 00:39:40 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/15 00:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/15 00:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/09/28 19:10:19 | 000,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/28 19:10:18 | 001,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/10 11:15:42 | 000,870,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/16 14:20:16 | 025,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/07/16 14:20:16 | 000,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
PRC - [2009/06/30 10:50:42 | 001,811,728 | ---- | M] (Logitech(c)) -- C:\Program Files\Logitech\G35\G35.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/30 00:29:28 | 002,643,312 | ---- | M] (ParetoLogic Inc.) -- C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2008/06/24 19:52:18 | 001,325,848 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe
PRC - [2006/04/10 15:24:20 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/03/08 08:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/08/04 23:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/02/17 11:10:10 | 000,094,208 | ---- | M] () -- C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe


========== Modules (SafeList) ==========

MOD - [2010/03/02 16:50:56 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gavin\Desktop\OTL.exe
MOD - [2009/10/15 00:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/10/15 00:30:06 | 000,546,160 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll
MOD - [2009/09/10 11:15:48 | 000,013,072 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 13:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Seekdns Service)
SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - [2010/02/08 17:16:54 | 000,665,008 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2010/02/08 17:16:54 | 000,665,008 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/10/17 00:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/15 00:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/09/28 19:10:18 | 001,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/14 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/01 19:49:15 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/05/13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007/10/11 09:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/02/06 18:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/03/02 17:00:49 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/03/02 17:00:32 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/10/17 00:39:42 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/15 00:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/10/15 00:29:48 | 000,035,448 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2009/10/12 18:15:30 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 18:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1)
DRV - [2009/08/28 20:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/15 15:20:10 | 004,407,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/18 03:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/18 03:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/18 03:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/28 12:07:14 | 000,334,992 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ladfSBVMi386.sys -- (LADF_SBVM)
DRV - [2009/05/28 12:07:14 | 000,053,520 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ladfDHP2i386.sys -- (LADF_DHP2)
DRV - [2009/05/18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/23 19:11:20 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/02/04 17:58:37 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/02/04 17:58:37 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/02/04 17:58:21 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/02/04 17:58:03 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/01/06 19:00:08 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/12/27 23:44:51 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/12/27 23:44:51 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/17 15:14:00 | 000,027,672 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2008/07/18 09:12:38 | 003,682,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008/05/20 22:53:36 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/05/02 23:46:00 | 006,554,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/14 06:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 05:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/13 21:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/08 10:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/06 18:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 18:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/10/19 11:20:06 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006/04/14 14:30:30 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2006/04/10 16:02:17 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/09/30 04:01:51 | 000,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/08/11 01:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/08/10 23:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/07/26 07:01:56 | 000,415,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2005/07/26 06:58:30 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2005/07/22 23:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/07/22 23:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/07/22 23:41:08 | 000,055,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2005/05/17 00:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/01/12 10:32:20 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/01/12 10:32:14 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/01/12 10:32:14 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/01/12 10:31:26 | 002,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/04 23:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/07 15:07:58 | 000,029,603 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\glauiad.sys -- (glauiad)
DRV - [2001/08/18 00:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 13:53:32 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 7D E6 A5 11 B8 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/02/17 17:43:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/05 22:02:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/01 20:24:33 | 000,000,000 | ---D | M]

[2010/02/28 15:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions
[2010/02/24 20:31:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/28 14:03:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{405020a4-c21c-4915-9f3e-f8785500400f}
[2010/02/28 13:52:18 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{53a04c94-1b9d-4faf-9c4c-b1d380d059e6}
[2010/03/01 20:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/04 11:03:32 | 000,000,000 | ---D | M] (Seekdns) -- C:\Program Files\Mozilla Firefox\extensions\{7BA9F755-DCD4-4B60-8AE8-EE3662C7C733}
[2010/02/20 23:02:52 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2008/07/12 17:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2008/07/12 17:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/04/07 17:59:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/04/07 17:59:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/04/07 17:59:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2008/04/07 17:59:03 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2008/04/07 17:59:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2009/09/16 06:25:26 | 000,070,448 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
[2010/02/04 22:55:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/04 11:03:33 | 000,002,385 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekdns118.xml

O1 HOSTS File: ([2010/03/01 19:39:26 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0CB8CB24-AC61-4445-AB19-744DE4AD1331} - C:\WINDOWS\system32\ds16gt32.dll ()
O2 - BHO: (no name) - {15BE9E6D-7D53-4478-9F6D-587B6741305e} - C:\WINDOWS\system32\dbghelp32.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NVCLOCK] C:\WINDOWS\System32\nvclock.dll (Micro-Star Int'l)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [PDF Converter Elite Print Dispatcher] C:\Program Files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe (pdfconverter.com)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [MtdAcqu] C:\Program Files\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ParetoLogic Anti-Spyware] C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe (ParetoLogic Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\3D!Turbo Experience.lnk = C:\Program Files\MSI\3D!Turbo Experience\3D!Turbo.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [You must be registered and logged in to see this link.] (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\blackbox32.dll) - C:\WINDOWS\system32\blackbox32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c0051D1E: DllName - C:\WINDOWS\system32\__c0051D1E.dat - C:\WINDOWS\System32\__c0051D1E.dat File not found
O20 - Winlogon\Notify\249f34d2810: DllName - C:\WINDOWS\System32\blackbox32.dll - C:\WINDOWS\system32\blackbox32.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Gavin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gavin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {51C55F9E-C308-4c95-89AB-8858D8AFD819} - C:\Program Files\ParetoLogic\Anti-Spyware\PASShlExt.dll (ParetoLogic Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/10 17:25:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/17 09:13:07 | 001,246,440 | R--- | M] (BioWare) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/14 14:17:18 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/12/10 17:25:40 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{037c1bc1-69a0-11da-a515-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{037c1bc1-69a0-11da-a515-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b43a79e8-9b88-11de-b1ec-001fd022161f}\Shell - "" = AutoRun
O33 - MountPoints2\{b43a79e8-9b88-11de-b1ec-001fd022161f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b43a79e8-9b88-11de-b1ec-001fd022161f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/02 17:03:35 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gavin\Desktop\OTL.exe
[2010/03/01 22:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/03/01 20:31:16 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Gavin\Desktop\winlogon.scr
[2010/03/01 20:23:17 | 027,386,256 | ---- | C] ( ) -- C:\Documents and Settings\Gavin\Desktop\AdbeRdr930_en_US.exe
[2010/03/01 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Desktop\JavaRa
[2010/03/01 20:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/01 20:01:07 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/01 20:01:07 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/01 20:01:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/01 20:01:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/01 20:01:07 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/01 19:59:04 | 016,258,848 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Gavin\Desktop\jre-6u18-windows-i586.exe
[2010/03/01 19:38:50 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Gavin\Desktop\WinsockxpFix.exe
[2010/02/28 16:01:38 | 008,669,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gavin\Desktop\Windows7UpgradeAdvisorSetup.exe
[2010/02/28 14:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2010/02/28 14:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/02/28 14:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/02/28 14:00:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/28 13:34:11 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/02/28 13:34:11 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/02/28 13:34:01 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2010/02/28 13:33:52 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/02/28 13:33:51 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2010/02/28 13:33:51 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2010/02/28 13:33:51 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2010/02/28 13:33:50 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/02/28 13:33:49 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/02/28 13:33:49 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2010/02/28 13:33:49 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/02/28 13:33:48 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/02/28 13:33:48 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/02/28 13:33:47 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/02/28 13:33:47 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/02/28 13:33:47 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/02/28 13:33:45 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/02/28 13:33:45 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2010/02/28 13:33:45 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/02/28 13:33:39 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2010/02/28 13:33:39 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2010/02/28 13:33:38 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2010/02/28 13:33:37 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2010/02/28 13:33:37 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2010/02/28 13:33:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2010/02/28 13:33:36 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2010/02/28 13:33:36 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2010/02/28 13:33:36 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2010/02/28 13:33:33 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/02/28 13:33:32 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/02/28 13:33:32 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2010/02/28 13:33:31 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2010/02/28 13:33:31 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2010/02/28 13:33:31 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2010/02/28 13:28:51 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2010/02/28 13:28:50 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2010/02/28 13:28:50 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2010/02/28 13:28:49 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2010/02/28 13:28:49 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/02/28 13:28:49 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2010/02/28 13:28:48 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2010/02/28 13:28:48 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2010/02/28 13:28:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2010/02/28 13:28:45 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2010/02/28 13:23:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2010/02/28 13:23:01 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/02/28 13:23:00 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/02/28 13:23:00 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/02/28 13:23:00 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/02/28 13:22:59 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/02/28 13:22:59 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/02/28 13:22:59 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010/02/28 13:22:58 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/02/28 13:22:57 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/02/28 13:22:57 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010/02/28 13:22:57 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2010/02/28 13:22:57 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010/02/28 13:22:57 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2010/02/28 13:22:56 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/02/28 13:22:56 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/02/28 13:22:56 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010/02/28 13:22:55 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/02/28 13:22:55 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/02/28 13:22:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/02/28 13:22:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/02/28 13:22:54 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/02/28 13:22:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010/02/28 13:22:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010/02/27 22:06:56 | 000,093,096 | ---- | C] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/02/27 22:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010/02/27 22:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Application Data\iolo
[2010/02/27 22:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/02/26 21:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Tracing
[2010/02/26 21:20:47 | 000,054,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2010/02/26 21:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/02/26 21:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/02/26 21:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/02/25 16:23:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\F012F077606
[2010/02/22 21:45:54 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/02/22 21:45:54 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/22 21:45:54 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/02/20 23:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Application Data\Control Manager
[2010/02/20 23:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Application Data\WinRAR
[2010/02/20 23:03:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32
[2010/02/20 23:03:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\380457909
[2010/02/20 23:02:57 | 000,000,000 | -HSD | C] -- C:\System Volume Data
[2010/02/20 23:02:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gavin\Application Data\SystemProc
[2010/02/13 17:55:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/02/13 17:46:26 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/02/13 17:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gavin\Local Settings\Application Data\FOXTEL
[2010/02/05 22:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/05 22:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/04 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/14 11:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/14 11:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/31 23:21:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/01/22 18:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/02 20:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/07/07 13:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/07/07 13:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2005/12/10 17:25:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/11/25 05:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/02 17:09:33 | 000,001,288 | ---- | M] () -- C:\WINDOWS\System32\1f28e74b
[2010/03/02 17:01:27 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2010/03/02 17:00:49 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010/03/02 17:00:47 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2010/03/02 17:00:46 | 000,002,728 | -HS- | M] () -- C:\Documents and Settings\Gavin\Application Data\02000000986bfdca810P.manifest
[2010/03/02 17:00:32 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/03/02 17:00:31 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\614413522
[2010/03/02 17:00:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/02 17:00:25 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/02 16:59:25 | 000,000,344 | -HS- | M] () -- C:\Documents and Settings\Gavin\Application Data\02000000986bfdca810C.manifest
[2010/03/02 16:59:24 | 000,001,369 | -HS- | M] () -- C:\WINDOWS\System32\1959748738
[2010/03/02 16:57:45 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/02 16:57:39 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/03/02 16:57:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 16:57:28 | 000,000,558 | -HS- | M] () -- C:\Documents and Settings\Gavin\Application Data\02000000986bfdca810O.manifest
[2010/03/02 16:57:28 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Gavin\Application Data\02000000986bfdca810S.manifest
[2010/03/02 16:57:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 16:56:08 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Gavin\NTUSER.DAT
[2010/03/02 16:55:44 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Gavin\ntuser.ini
[2010/03/02 16:50:56 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gavin\Desktop\OTL.exe
[2010/03/01 22:30:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/01 22:29:25 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/03/01 22:17:40 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/03/01 22:17:21 | 000,000,137 | ---- | M] () -- C:\WINDOWS\msicpl.ini
[2010/03/01 20:29:44 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Gavin\Desktop\winlogon.scr
[2010/03/01 20:24:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/01 20:21:56 | 027,386,256 | ---- | M] ( ) -- C:\Documents and Settings\Gavin\Desktop\AdbeRdr930_en_US.exe
[2010/03/01 20:01:16 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/03/01 20:00:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/01 20:00:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/01 20:00:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/01 20:00:48 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/01 20:00:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/01 19:56:26 | 016,258,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Gavin\Desktop\jre-6u18-windows-i586.exe
[2010/03/01 19:39:26 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/01 19:34:44 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Gavin\Desktop\WinsockxpFix.exe
[2010/03/01 18:10:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/01 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/03/01 00:33:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update.job
[2010/02/28 15:55:28 | 008,669,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gavin\Desktop\Windows7UpgradeAdvisorSetup.exe
[2010/02/28 15:15:55 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\741f33d5
[2010/02/28 14:41:44 | 000,002,216 | -HS- | M] () -- C:\Documents and Settings\Gavin\Local Settings\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_.mkv
[2010/02/28 14:41:44 | 000,002,216 | -HS- | M] () -- C:\Documents and Settings\Gavin\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_.mkv
[2010/02/28 14:41:44 | 000,002,216 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_.mkv
[2010/02/28 14:29:28 | 000,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/28 14:29:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/28 14:29:28 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/02/28 09:54:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/28 08:51:34 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/02/28 03:40:01 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/02/27 22:07:22 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/02/27 22:06:57 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\System Mechanic.lnk
[2010/02/27 22:04:12 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2010/02/27 21:46:18 | 000,491,120 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\sm_dm.exe
[2010/02/27 18:40:22 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2010/02/26 22:50:57 | 002,652,580 | -H-- | M] () -- C:\Documents and Settings\Gavin\Local Settings\Application Data\IconCache.db
[2010/02/26 22:39:39 | 000,556,154 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/26 22:39:39 | 000,466,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/26 22:39:39 | 000,079,830 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/26 22:38:50 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\ds16gt32.dll
[2010/02/26 21:46:41 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\drv232.dll
[2010/02/26 21:16:46 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Gavin\My Documents\My Sharing Folders.lnk
[2010/02/26 20:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/26 16:43:47 | 000,003,824 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2010/02/26 07:21:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{6512A08C-01D8-11DF-B282-001FD022161F}.job
[2010/02/26 03:00:01 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Anti-Spyware.job
[2010/02/25 17:04:47 | 000,197,120 | ---- | M] () -- C:\WINDOWS\System32\d3dx10_3632.dll
[2010/02/23 18:50:09 | 000,197,120 | ---- | M] () -- C:\WINDOWS\System32\dbghelp32.dll
[2010/02/23 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2010/02/21 09:56:37 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\dxdiagn32.dll
[2010/02/20 23:14:36 | 000,025,214 | -HS- | M] () -- C:\WINDOWS\System32\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.ico
[2010/02/20 23:14:36 | 000,025,214 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.ico
[2010/02/20 23:14:34 | 000,990,720 | -HS- | M] () -- C:\WINDOWS\System32\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.avi
[2010/02/20 23:14:34 | 000,990,720 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.avi
[2010/02/20 23:10:58 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\dimap32.dll
[2010/02/20 23:07:54 | 000,095,744 | ---- | M] () -- C:\WINDOWS\System32\ddeml32.dll
[2010/02/20 23:07:53 | 000,198,656 | ---- | M] () -- C:\WINDOWS\System32\dbnmpntw32.dll
[2010/02/20 23:05:34 | 000,095,744 | ---- | M] () -- C:\WINDOWS\System32\console32.dll
[2010/02/20 23:05:33 | 000,198,656 | ---- | M] () -- C:\WINDOWS\System32\comuid32.dll
[2010/02/20 23:04:28 | 000,095,744 | ---- | M] () -- C:\WINDOWS\System32\CNMLM9132.dll
[2010/02/20 23:04:27 | 000,198,656 | ---- | M] () -- C:\WINDOWS\System32\CNC970L32.dll
[2010/02/20 23:03:05 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/02/20 23:02:50 | 000,095,744 | ---- | M] () -- C:\WINDOWS\System32\d3dx9_2832.dll
[2010/02/20 23:02:40 | 000,198,656 | ---- | M] () -- C:\WINDOWS\System32\cscdll32.dll
[2010/02/20 23:02:14 | 000,130,560 | ---- | M] () -- C:\WINDOWS\System32\blackbox32.dll
[2010/02/20 14:48:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/13 17:45:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/13 17:45:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/09 17:02:04 | 000,093,096 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
[2010/02/09 17:01:48 | 002,164,648 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/02/05 22:02:13 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/04 22:30:38 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Gavin\My Documents\Elders Bank cheque deposit 4.doc
[2010/02/04 22:27:38 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/01 17:42:54 | 000,477,537 | ---- | M] () -- C:\Documents and Settings\Gavin\Desktop\Informer_33.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

(continued next post)

ghendo
Novice

Posts : 15
Joined : 2010-03-01
Gender : Male
OS : Windows 10
Protection : ZoneAlarm, Malwarebytes, AdAware
Points : 24961
Likes : 0


Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by ghendo on 2nd March 2010, 6:23 am

========== Files Created - No Company Name ==========

[2010/03/01 22:29:25 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/03/01 20:24:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/28 15:15:55 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\741f33d5
[2010/02/28 13:33:42 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/02/28 13:33:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/02/28 13:33:41 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/02/28 13:33:41 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/02/28 13:33:40 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/02/28 13:33:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/02/28 13:33:40 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/02/28 13:33:39 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/02/28 13:33:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/02/28 13:33:35 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/02/28 08:59:24 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/02/27 22:07:22 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010/02/27 22:06:57 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\System Mechanic.lnk
[2010/02/27 22:06:56 | 002,164,648 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010/02/27 22:06:54 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010/02/27 22:06:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010/02/27 22:04:12 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/02/27 22:02:18 | 000,491,120 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\sm_dm.exe
[2010/02/26 22:38:50 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\ds16gt32.dll
[2010/02/26 21:46:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\drv232.dll
[2010/02/25 23:39:40 | 000,002,216 | -HS- | C] () -- C:\Documents and Settings\Gavin\Local Settings\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_.mkv
[2010/02/25 23:39:40 | 000,002,216 | -HS- | C] () -- C:\Documents and Settings\Gavin\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_.mkv
[2010/02/25 17:04:47 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\d3dx10_3632.dll
[2010/02/23 18:50:09 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\dbghelp32.dll
[2010/02/21 09:56:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\dxdiagn32.dll
[2010/02/21 09:43:31 | 000,003,824 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2010/02/21 09:27:40 | 000,001,369 | -HS- | C] () -- C:\WINDOWS\System32\1959748738
[2010/02/20 23:15:10 | 000,002,216 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_.mkv
[2010/02/20 23:15:10 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_.mkv
[2010/02/20 23:15:10 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_.mkv
[2010/02/20 23:14:36 | 000,025,214 | -HS- | C] () -- C:\WINDOWS\System32\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.ico
[2010/02/20 23:14:36 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.ico
[2010/02/20 23:14:36 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.ico
[2010/02/20 23:14:36 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.ico
[2010/02/20 23:14:35 | 000,990,720 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.avi
[2010/02/20 23:14:34 | 000,990,720 | -HS- | C] () -- C:\Documents and Settings\LocalService\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.avi
[2010/02/20 23:14:34 | 000,990,720 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.avi
[2010/02/20 23:14:33 | 000,990,720 | -HS- | C] () -- C:\WINDOWS\System32\aa8099c4-1b93-4fa4-950f-dff6fdcb6014_8.avi
[2010/02/20 23:10:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\dimap32.dll
[2010/02/20 23:07:54 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\ddeml32.dll
[2010/02/20 23:07:53 | 000,198,656 | ---- | C] () -- C:\WINDOWS\System32\dbnmpntw32.dll
[2010/02/20 23:05:34 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\console32.dll
[2010/02/20 23:05:33 | 000,198,656 | ---- | C] () -- C:\WINDOWS\System32\comuid32.dll
[2010/02/20 23:05:03 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\614413522
[2010/02/20 23:04:28 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\CNMLM9132.dll
[2010/02/20 23:04:27 | 000,198,656 | ---- | C] () -- C:\WINDOWS\System32\CNC970L32.dll
[2010/02/20 23:03:05 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/02/20 23:02:58 | 000,001,288 | ---- | C] () -- C:\WINDOWS\System32\1f28e74b
[2010/02/20 23:02:50 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\d3dx9_2832.dll
[2010/02/20 23:02:40 | 000,198,656 | ---- | C] () -- C:\WINDOWS\System32\cscdll32.dll
[2010/02/20 23:02:40 | 000,002,728 | -HS- | C] () -- C:\Documents and Settings\Gavin\Application Data\02000000986bfdca810P.manifest
[2010/02/20 23:02:40 | 000,000,558 | -HS- | C] () -- C:\Documents and Settings\Gavin\Application Data\02000000986bfdca810O.manifest
[2010/02/20 23:02:40 | 000,000,344 | -HS- | C] () -- C:\Documents and Settings\Gavin\Application Data\02000000986bfdca810C.manifest
[2010/02/20 23:02:40 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Gavin\Application Data\02000000986bfdca810S.manifest
[2010/02/20 23:02:14 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\blackbox32.dll
[2010/02/05 22:07:45 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/05 22:02:13 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/04 22:27:38 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/04 22:20:29 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Gavin\My Documents\Elders Bank cheque deposit 4.doc
[2010/02/01 17:43:16 | 000,477,537 | ---- | C] () -- C:\Documents and Settings\Gavin\Desktop\Informer_33.pdf
[2009/08/13 18:14:32 | 000,000,180 | ---- | C] () -- C:\Documents and Settings\Gavin\Application Data\setup.log
[2009/08/13 18:14:15 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Gavin\Application Data\setup_ldm.iss
[2009/08/06 22:24:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/01 16:15:38 | 000,075,024 | ---- | C] () -- C:\WINDOWS\System32\LADFCoinst_i386.dll
[2009/06/12 22:06:40 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/04/22 01:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/01/04 22:54:52 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2008/12/31 17:04:42 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/12/26 15:34:05 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/26 15:34:00 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Gavin\Application Data\PnkBstrK.sys
[2008/11/22 07:47:33 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2008/10/12 15:28:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/01 16:34:48 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/10/01 16:34:34 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/01 16:34:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/01 16:34:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/07/03 23:57:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/06/11 19:23:00 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/06/11 19:23:00 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/12/24 21:40:26 | 000,404,992 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/12/23 06:02:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/12/04 00:34:32 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/12/01 21:43:30 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/17 18:51:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Gavin\Local Settings\Application Data\fusioncache.dat
[2007/07/27 22:44:37 | 000,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2007/04/03 19:29:53 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2007/02/06 21:41:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/02/06 18:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/12/17 12:01:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/10/25 18:12:53 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/22 12:22:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/16 16:14:17 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\iconman.dll
[2006/10/15 22:33:45 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2006/09/30 16:22:29 | 000,000,588 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2006/09/05 19:32:56 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006/09/05 19:27:58 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\Gavin\Application Data\SQSDRVRM.SYS
[2006/09/04 16:44:54 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Gavin\Application Data\RipEditBurn.ini
[2006/09/04 16:42:50 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\drvlock.sys
[2006/09/04 16:42:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\symbios.sys
[2006/06/17 19:01:30 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/06/04 22:25:27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/05/18 18:56:23 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/03/24 17:55:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/12 16:31:44 | 000,000,134 | ---- | C] () -- C:\WINDOWS\SW_Win2000X6.DLL
[2006/03/12 16:31:44 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win2000X32.DLL
[2006/03/12 16:26:30 | 000,001,666 | ---- | C] () -- C:\WINDOWS\CPPT_SearchHistory.INI
[2006/03/12 16:24:16 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/03/12 16:24:16 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2006/03/12 16:24:16 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/03/12 15:53:03 | 002,768,896 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2006/03/12 15:53:03 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\psparam.ini
[2006/02/01 20:22:54 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2006/01/31 18:02:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006/01/25 17:33:14 | 000,043,520 | ---- | C] () -- C:\Documents and Settings\Gavin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/20 19:54:27 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/12/13 22:11:46 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005/12/12 18:14:36 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/12/12 17:58:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2005/12/12 17:45:47 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/12/11 21:52:10 | 000,000,137 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2005/12/11 21:47:23 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\memtest.dll
[2005/12/11 21:47:23 | 000,039,372 | R--- | C] () -- C:\WINDOWS\System32\drivers\vgauti.sys
[2005/12/11 21:47:23 | 000,039,372 | R--- | C] () -- C:\WINDOWS\System32\drivers\msicpl.sys
[2004/10/04 03:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001/10/28 02:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\prnmnt.dll
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
< End of report >

The Extras log is on the next post...


Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by ghendo on 2nd March 2010, 6:26 am

OTL Extras logfile created on: 2/03/2010 5:05:23 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Gavin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 282.76 Gb Free Space | 40.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 186.30 Gb Total Space | 26.25 Gb Free Space | 14.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAVIN-1
Current User Name: Gavin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus -- (Streamcast Networks, Inc)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe" = C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Program Files\Valve\Steam\SteamApps\common\zuma deluxe\Zuma.exe" = C:\Program Files\Valve\Steam\SteamApps\common\zuma deluxe\Zuma.exe:*:Enabled:Zuma Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\astropop deluxe\WinAP.exe" = C:\Program Files\Valve\Steam\SteamApps\common\astropop deluxe\WinAP.exe:*:Enabled:AstroPop Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\bejeweled deluxe\WinBej.exe" = C:\Program Files\Valve\Steam\SteamApps\common\bejeweled deluxe\WinBej.exe:*:Enabled:Bejeweled Deluxe -- (PopCap.com)
"C:\Program Files\Valve\Steam\SteamApps\common\big money deluxe\WinBM.exe" = C:\Program Files\Valve\Steam\SteamApps\common\big money deluxe\WinBM.exe:*:Enabled:Big Money Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\bookworm deluxe\Bookworm.exe" = C:\Program Files\Valve\Steam\SteamApps\common\bookworm deluxe\Bookworm.exe:*:Enabled:BookWorm Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\dynomite deluxe\Dynomite.exe" = C:\Program Files\Valve\Steam\SteamApps\common\dynomite deluxe\Dynomite.exe:*:Enabled:Dynomite Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\feeding frenzy 2 deluxe\FeedingFrenzyTwo.exe" = C:\Program Files\Valve\Steam\SteamApps\common\feeding frenzy 2 deluxe\FeedingFrenzyTwo.exe:*:Enabled:Feeding Frenzy 2 Deluxe -- (PopCap Games)
"C:\Program Files\Valve\Steam\SteamApps\common\hammer heads deluxe\HammerHeads.exe" = C:\Program Files\Valve\Steam\SteamApps\common\hammer heads deluxe\HammerHeads.exe:*:Enabled:Hammer Heads Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\iggle pop deluxe\IgglePop.exe" = C:\Program Files\Valve\Steam\SteamApps\common\iggle pop deluxe\IgglePop.exe:*:Enabled:Iggle Pop Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\pizza frenzy\PizzaFrenzy.exe" = C:\Program Files\Valve\Steam\SteamApps\common\pizza frenzy\PizzaFrenzy.exe:*:Enabled:Pizza Frenzy -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\rocket mania deluxe\RocketMania.exe" = C:\Program Files\Valve\Steam\SteamApps\common\rocket mania deluxe\RocketMania.exe:*:Enabled:Rocket Mania Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\typer shark deluxe\WinTS.exe" = C:\Program Files\Valve\Steam\SteamApps\common\typer shark deluxe\WinTS.exe:*:Enabled:Typer Shark Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\talismania deluxe\Talismania.exe" = C:\Program Files\Valve\Steam\SteamApps\common\talismania deluxe\Talismania.exe:*:Enabled:Talismania Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = C:\Program Files\Valve\Steam\SteamApps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:STALKER: Shadow of Chernobyl -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\peggle deluxe\Peggle.exe" = C:\Program Files\Valve\Steam\SteamApps\common\peggle deluxe\Peggle.exe:*:Enabled:Peggle Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe" = C:\Program Files\Valve\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\venice\Venice.exe" = C:\Program Files\Valve\Steam\SteamApps\common\venice\Venice.exe:*:Enabled:Venice -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\bejeweled 2 deluxe\WinBej2.exe" = C:\Program Files\Valve\Steam\SteamApps\common\bejeweled 2 deluxe\WinBej2.exe:*:Enabled:Bejeweled 2 Deluxe -- (PopCap.com)
"C:\Program Files\Valve\Steam\SteamApps\common\chuzzle deluxe\Chuzzle.exe" = C:\Program Files\Valve\Steam\SteamApps\common\chuzzle deluxe\Chuzzle.exe:*:Enabled:Chuzzle Deluxe -- ()
"C:\Program Files\Valve\Steam\SteamApps\common\insaniquarium deluxe\Insaniquarium.exe" = C:\Program Files\Valve\Steam\SteamApps\common\insaniquarium deluxe\Insaniquarium.exe:*:Enabled:Insaniquarium Deluxe -- (PopCap Games)
"C:\Program Files\Valve\Steam\SteamApps\common\bookworm adventures deluxe\BookwormAdventures.exe" = C:\Program Files\Valve\Steam\SteamApps\common\bookworm adventures deluxe\BookwormAdventures.exe:*:Enabled:Bookworm Adventures Deluxe -- (PopCap Games, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Program Files\Valve\Steam\SteamApps\common\oddworld abes oddysee\AbeWin.exe" = C:\Program Files\Valve\Steam\SteamApps\common\oddworld abes oddysee\AbeWin.exe:*:Enabled:Oddworld: Abe's Oddysee -- (Oddworld Inhabitants, Inc.)
"C:\Program Files\Valve\Steam\SteamApps\common\oddworld abes exoddus\Exoddus.exe" = C:\Program Files\Valve\Steam\SteamApps\common\oddworld abes exoddus\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus -- (Oddworld Inhabitants, Inc.)
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe" = C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe:*:Enabled:RunUpd -- File not found
"C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe" = C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe:*:Enabled:DriverCure -- (ParetoLogic)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}" = Arcanum
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{0B095086-7205-4D48-90DF-DCD16613C6D4}" =
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{103BCDA0-E063-46AC-8028-64E78722ABA7}" =
"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP970_series" = Canon MP970 series
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}" =
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29ACDA07-0CAD-4751-B3A4-3E03C5F74673}" = ParetoLogic Privacy Controls
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English
"{3A14DB5B-8D96-400C-BD97-A5656779099D}" = ArcSoft PhotoStudio 5.5
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B06.1227.01
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4095E277-3005-42E9-8D84-DE6EB8704CEC}" =
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0625.2
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}" =
"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}" =
"{5B095CD4-555F-4F70-9B90-B1DB84D810ED}" =
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}" =
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63A317D0-60A6-43FC-848A-9FE4A53B29CE}" =
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New
"{66BCC50C-22D9-4927-9251-27FA88A32214}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EEAB9B3-1F74-4DC5-8D71-6CA0E2769E9B}" = PlayLinc
"{700932B3-A964-4878-82A2-96054622A1F7}" =
"{70389F30-F9E7-4D46-89F5-08A1196A161E}" = The Movies(TM) - Bonus Costumes
"{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}" =
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0610.1
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Pharaoh and Cleopatra
"{836612F0-1571-4C65-A4B7-58A39AA578EE}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93099B48-E36A-46C9-A03F-C85201D9B1C1}" = Foxit PDF IFilter
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{98181885-5B28-4280-9B56-452FF877D5B9}" =
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}" =
"{9C8732C3-32DE-4569-9E90-30040D76DABC}" = Navman NavDesk 2008
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}" =
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}" =
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACCEC3BD-FFCA-4146-8587-17650B86165B}" = D-Link DSL-302G USB Driver
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.01
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Effects
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB99E420-8071-48F9-9567-4A53BE7569C4}" =
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}" =
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D524239C-FD5C-4183-A49C-7930915A9C0A}" =
"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DA410706-345C-4288-8853-A2460BDD0FA0}" = Logitech G35
"{DAAC5938-8026-4D0C-A476-D1954917B7F5}" =
"{DC3065BF-95B4-42C5-B47D-0B713CDA75D0}" = Creative Zen Vision M
"{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}" =
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B08.0617.01
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.00
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"2FAAA66D96E998D4E8495C398B395423A4477741" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"3D!Turbo Experience" = 3D!Turbo Experience
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Ad-Aware SE Personal" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AusDI" = AusDI
"Baldur's Gate" = Baldur's Gate
"Beyond Good and Evil_is1" = Beyond Good and Evil
"BitTorrent" = BitTorrent 5.0.8
"Blaze Audio Record Cleaner" = Blaze Audio Record Cleaner
"Blaze Audio RipEditBurn 2" = Blaze Audio RipEditBurn 2
"Blaze Audio Sound Effects Set 1" = Blaze Audio Sound Effects Set 1
"BTmod" = Oblivion - BTmod 2.20
"BurnRight! CD & DVD_is1" = BurnRight! CD & DVD
"CADI" =
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"Control Manager" = Control Manager
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"Creative Audio CD Ripper (Unicode)" =
"Creative Audio Device Selection" =
"Creative Auto Tag Cleaner" =
"Creative Import Wizard (Unicode)" =
"Creative Media Toolbox" =
"Creative MediaSource" =
"Creative MediaSource 5" =
"Creative MediaSource CD-ROM Burner Plugin" =
"Creative MediaSource Detector" =
"Creative MediaSource Go!" =
"Creative MediaSource MiniDisc Plugin Unicode" =
"Creative MediaSource Net Content Plugin Unicode" =
"Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin" =
"Creative MediaSource NOMAD MuVo Plugin" =
"Creative MediaSource Online Store Plugin" =
"Creative MediaSource Player Skin Pack" =
"Creative MediaSource Player Skin Pack Unicode" =
"Creative MediaSource Plugin for PlaysForSure devices" =
"Creative MediaSource Unicode" =
"Creative Music Store Plugin" =
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Creative Sync Manager" =
"Creative Video Converter" =
"Creative Zen Vision M" =
"CSCLIB" = Canon Camera Support Core Library
"Diablo" = Diablo
"Diablo II" = Diablo II
"Digital Editions" = Adobe Digital Editions
"DirectDrawEx" =
"Divine Divinity" = Divine Divinity
"DVD Shrink_is1" = DVD Shrink 3.2
"DXM_Runtime" =
"EA Download Manager" = EA Download Manager
"EasyBurner_is1" = EasyBurner 2.4
"Easy-LayoutPrint" =
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"Essentials of Music Theory 1 Educator" = Essentials of Music Theory 1 Educator
"Essentials of Music Theory 2 Educator" = Essentials of Music Theory 2 Educator
"Essentials of Music Theory 3 Educator" = Essentials of Music Theory 3 Educator
"FLV Player" = FLV Player 2.0 (build 25)
"Fontcore" =
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free PS Convert driver_is1" = Free PS Convert driver
"Free Ram Optimizer XP_is1" = Free Ram Optimizer XP 1.0
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"Hitman: Contracts" = Hitman: Contracts
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"IKEA Home Planner Kitchen" =
"InstallShield Uninstall Information" =
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Effects
"InstallShield_{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" =
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0625.2
"InstallShield_{70389F30-F9E7-4D46-89F5-08A1196A161E}" =
"InstallShield_{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" =
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 2.2.5
"Lionheart – Legacy of the Crusader_is1" = Lionheart – Legacy of the Crusader
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" =
"Microsoft .NET Framework 3.0" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Might & Magic VI Limited Edition_is1" = Might & Magic VI Limited Edition
"MobileOptionPack" =
"Morpheus" = Morpheus 5.5 (remove only)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.14)" = Mozilla Firefox (2.0.0.14)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Player_is1" = Musicnotes Player V1.23.1 and Viewer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 0.7.14
"OptusNet DSL" = OptusNet DSL
"ParetoLogic Anti-Spyware" = ParetoLogic Anti-Spyware
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PC Pitstop Optimize2_is1" = PC Pitstop Optimize2 2.0
"PC Tune-Up" = PC Tune-Up
"PCHealth" =
"PDF Converter Elite_is1" = PDF Converter Elite 2009
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Realms of Arkania Pack_is1" = Realms of Arkania Pack
"RegCure" = RegCure
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Sacred Underworld_is1" = Sacred Underworld
"SchedulingAgent" =
"Seekdns" = Seekdns 1.0 build 118
"Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.48
"Steam App 15700" = Oddworld: Abe's Oddysee
"Steam App 15710" = Oddworld: Abe's Exoddus
"Steam App 26800" = Braid
"Steam App 3300" = Bejeweled 2 Deluxe
"Steam App 3310" = Chuzzle Deluxe
"Steam App 3320" = Insaniquarium Deluxe
"Steam App 3330" = Zuma Deluxe
"Steam App 3340" = AstroPop Deluxe
"Steam App 3350" = Bejeweled Deluxe
"Steam App 3360" = Big Money Deluxe
"Steam App 3370" = BookWorm Deluxe
"Steam App 3380" = Dynomite Deluxe
"Steam App 3390" = Feeding Frenzy 2 Deluxe
"Steam App 3400" = Hammer Heads Deluxe
"Steam App 3410" = Heavy Weapon Deluxe
"Steam App 3420" = Iggle Pop Deluxe
"Steam App 3430" = Pizza Frenzy
"Steam App 3440" = Rocket Mania Deluxe
"Steam App 3450" = Typer Shark Deluxe
"Steam App 3460" = Talismania Deluxe
"Steam App 3470" = Bookworm Adventures Deluxe
"Steam App 3480" = Peggle Deluxe
"Steam App 3483" = Peggle Extreme
"Steam App 3490" = Venice
"Steam App 410" = Portal: The First Slice
"Steam App 4500" = STALKER: Shadow of Chernobyl
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"The Bard's Tale" = The Bard's Tale
"ULTIMATER" = Microsoft Office Ultimate 2007
"VDMSound" = VDMSound
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinBar" = WinBar (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"WMIinfo" = WMIinfo
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zen MicroPhoto Media Explorer" =
"Zen Vision:M Media Explorer" =
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/03/2010 4:39:50 AM | Computer Name = GAVIN-1 | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft OmniPage SE 4 -- Error 1706.No valid source could
be found for product ScanSoft OmniPage SE 4. The Windows Installer cannot continue.

Error - 1/03/2010 4:40:28 AM | Computer Name = GAVIN-1 | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft OmniPage SE 4 -- Error 1706.No valid source could
be found for product ScanSoft OmniPage SE 4. The Windows Installer cannot continue.

Error - 1/03/2010 4:40:28 AM | Computer Name = GAVIN-1 | Source = MsiInstaller | ID = 11719
Description = Product: ScanSoft OmniPage SE 4 -- Error 1719.The Windows Installer
Service could not be accessed. This can occur if you are running Windows in safe
mode, or if the Windows Installer is not correctly installed. Contact your support
personnel for assistance.

Error - 1/03/2010 4:59:25 AM | Computer Name = GAVIN-1 | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft OmniPage SE 4 -- Error 1706.No valid source could
be found for product ScanSoft OmniPage SE 4. The Windows Installer cannot continue.

Error - 1/03/2010 4:59:56 AM | Computer Name = GAVIN-1 | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft OmniPage SE 4 -- Error 1706.No valid source could
be found for product ScanSoft OmniPage SE 4. The Windows Installer cannot continue.

Error - 1/03/2010 7:30:16 AM | Computer Name = GAVIN-1 | Source = Application Error | ID = 1000
Description = Faulting application windowsupgradeadvisor.exe, version 2.0.5002.0,
faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/03/2010 7:30:22 AM | Computer Name = GAVIN-1 | Source = Application Error | ID = 1000
Description = Faulting application windowsupgradeadvisor.exe, version 2.0.5002.0,
faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 2/03/2010 1:51:09 AM | Computer Name = GAVIN-1 | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft OmniPage SE 4 -- Error 1706.No valid source could
be found for product ScanSoft OmniPage SE 4. The Windows Installer cannot continue.

Error - 2/03/2010 1:51:39 AM | Computer Name = GAVIN-1 | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft OmniPage SE 4 -- Error 1706.No valid source could
be found for product ScanSoft OmniPage SE 4. The Windows Installer cannot continue.

Error - 2/03/2010 1:52:04 AM | Computer Name = GAVIN-1 | Source = MsiInstaller | ID = 11706
Description = Product: ScanSoft OmniPage SE 4 -- Error 1706.No valid source could
be found for product ScanSoft OmniPage SE 4. The Windows Installer cannot continue.

[ System Events ]
Error - 2/03/2010 1:55:27 AM | Computer Name = GAVIN-1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 2/03/2010 1:55:28 AM | Computer Name = GAVIN-1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 2/03/2010 1:55:28 AM | Computer Name = GAVIN-1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 2/03/2010 1:55:28 AM | Computer Name = GAVIN-1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 2/03/2010 1:55:28 AM | Computer Name = GAVIN-1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 2/03/2010 1:55:28 AM | Computer Name = GAVIN-1 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%2

Error - 2/03/2010 1:59:15 AM | Computer Name = GAVIN-1 | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%3

Error - 2/03/2010 1:59:15 AM | Computer Name = GAVIN-1 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%2

Error - 2/03/2010 1:59:15 AM | Computer Name = GAVIN-1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
NCPro

Error - 2/03/2010 2:05:43 AM | Computer Name = GAVIN-1 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{47424207-745B-4BD1-9291-0B4B299E4ED0}. The
backup browser is stopping.


< End of report >


Thanks for your help mate - I really appreciate it!

Cheers,
ghendo


Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by Belahzur on 2nd March 2010, 1:29 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {0CB8CB24-AC61-4445-AB19-744DE4AD1331} - C:\WINDOWS\system32\ds16gt32.dll ()
    O2 - BHO: (no name) - {15BE9E6D-7D53-4478-9F6D-587B6741305e} - C:\WINDOWS\system32\dbghelp32.dll ()
    O2 - BHO: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
    O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\blackbox32.dll) - C:\WINDOWS\system32\blackbox32.dll ()
    O20 - Winlogon\Notify\__c0051D1E: DllName - C:\WINDOWS\system32\__c0051D1E.dat - C:\WINDOWS\System32\__c0051D1E.dat File not found
    O20 - Winlogon\Notify\249f34d2810: DllName - C:\WINDOWS\System32\blackbox32.dll - C:\WINDOWS\system32\blackbox32.dll ()
    [2010/03/02 17:09:33 | 000,001,288 | ---- | M] () -- C:\WINDOWS\System32\1f28e74b
    [2010/03/02 17:00:31 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\614413522
    [2010/02/28 15:15:55 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\741f33d5
    [2010/02/20 23:02:14 | 000,130,560 | ---- | C] () -- C:\WINDOWS\System32\blackbox32.dll



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.


Belahzur

Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by ghendo on 3rd March 2010, 6:51 am

Hey Belahzur,

Here are the contents of the fix log

Cheers,
ghendo

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB8CB24-AC61-4445-AB19-744DE4AD1331}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB8CB24-AC61-4445-AB19-744DE4AD1331}\ deleted successfully.
C:\WINDOWS\system32\ds16gt32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15BE9E6D-7D53-4478-9F6D-587B6741305e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15BE9E6D-7D53-4478-9F6D-587B6741305e}\ deleted successfully.
C:\WINDOWS\system32\dbghelp32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
File C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
File C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\ALCMTR.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\blackbox32.dll deleted successfully.
C:\WINDOWS\system32\blackbox32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0051D1E\ deleted successfully.
Invalid CLSID key: __c0051D1E
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\249f34d2810\ deleted successfully.
File C:\WINDOWS\system32\blackbox32.dll not found.
C:\WINDOWS\system32\1f28e74b moved successfully.
C:\WINDOWS\system32\614413522 moved successfully.
C:\WINDOWS\system32\741f33d5 moved successfully.
File C:\WINDOWS\System32\blackbox32.dll not found.

OTL by OldTimer - Version 3.1.32.0 log created on 03032010_174613
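
Added example (not part of the original posts, and not OTL's own code): one way to reconcile a fix log like the one above, so that a "not found" line only counts as a concern when no other line shows the same file or registry key being moved or deleted. The line patterns are inferred from the log lines quoted in this thread; the function names and the "removed"/"absent" labels are assumptions of the example.

```python
import re
from collections import OrderedDict

# Sample input: a subset of lines copied verbatim from the fix log posted above.
SAMPLE_FIX_LOG = r"""
========== OTL ==========
C:\WINDOWS\system32\ds16gt32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ deleted successfully.
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
File C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\blackbox32.dll deleted successfully.
C:\WINDOWS\system32\blackbox32.dll moved successfully.
Invalid CLSID key: __c0051D1E
File C:\WINDOWS\system32\blackbox32.dll not found.
File C:\WINDOWS\System32\blackbox32.dll not found.
"""

# Line shapes seen in the log above (inferred from this thread only):
#   "Registry key <key> deleted successfully." / "... not found."
#   "Registry value <key> deleted successfully."
#   "<path> moved successfully."   (no prefix, always a file)
#   "File <path> not found."
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File) )?"
    r"(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def parse_line(line):
    """Return (kind, target, outcome) for a recognised line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind = (m.group("kind") or "File").lower()
    return kind, m.group("target"), m.group("outcome")


def normalise(target):
    """Windows paths and registry keys are case-insensitive; the log also
    prints keys with a trailing backslash."""
    return target.rstrip("\\").lower()


def reconcile(log_text):
    """Group log lines by object and decide a final status for each one.

    'removed' = at least one line reports the object moved or deleted, so any
                "not found" line for it is just a second reference to it.
    'absent'  = only "not found" lines exist; re-check it in the next scan.
    """
    objects = OrderedDict()
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue
        parsed = parse_line(line)
        if parsed is None:
            unparsed.append(line)
            continue
        kind, target, outcome = parsed
        entry = objects.setdefault(
            (kind, normalise(target)),
            {"kind": kind, "target": target, "outcomes": []},
        )
        entry["outcomes"].append(outcome)
    for entry in objects.values():
        removed = any(o != "not found" for o in entry["outcomes"])
        entry["status"] = "removed" if removed else "absent"
    return list(objects.values()), unparsed


def absent_targets(log_text):
    """Objects the fix never actually touched (only 'not found' lines)."""
    entries, _ = reconcile(log_text)
    return [e["target"] for e in entries if e["status"] == "absent"]


if __name__ == "__main__":
    entries, unparsed = reconcile(SAMPLE_FIX_LOG)
    for e in entries:
        print(f'{e["status"]:8} {e["kind"]:15} {e["target"]}')
    print("unparsed:", unparsed)
```

In the sample lines, every "not found" line is explained by a "moved" or "deleted" line for the same object.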


Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by Belahzur on 3rd March 2010, 3:11 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.


Belahzur

Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by ghendo on 4th March 2010, 10:27 am

Belahzur,

That seems to have fixed it - you're a genius!! I've attached the ComboFix log below - is there anything more I need to do? Were you able to find out what was causing all the problems?

Thanks so much mate, I really appreciate your help - I'll definitely be telling all my friends about this service. You guys rock!!

Cheers,
ghendo

ComboFix 10-03-03.04 - Gavin 04/03/2010 17:27:59.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2548 [GMT 11:00]
Running from: c:\documents and settings\Gavin\Desktop\Combo-Fix.exe
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\02000000986bfdca810C.manifest
c:\documents and settings\Administrator\Application Data\02000000986bfdca810O.manifest
c:\documents and settings\Administrator\Application Data\02000000986bfdca810P.manifest
c:\documents and settings\Administrator\Application Data\02000000986bfdca810S.manifest
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\HotbarSA
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSA.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht
c:\documents and settings\All Users\Application Data\Seekdns
c:\documents and settings\All Users\Start Menu\Programs\Hotbar
c:\documents and settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Hotbar Games!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk
c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
c:\documents and settings\Gavin\Application Data\02000000986bfdca810C.manifest
c:\documents and settings\Gavin\Application Data\02000000986bfdca810O.manifest
c:\documents and settings\Gavin\Application Data\02000000986bfdca810P.manifest
c:\documents and settings\Gavin\Application Data\02000000986bfdca810S.manifest
c:\documents and settings\Gavin\Application Data\Control Manager
c:\documents and settings\Gavin\Application Data\Control Manager\ccagent.exe
c:\documents and settings\Gavin\Application Data\Control Manager\faq\guide.html
c:\documents and settings\Gavin\Application Data\Control Manager\faq\images\05.png
c:\documents and settings\Gavin\Application Data\Control Manager\faq\images\06.png
c:\documents and settings\Gavin\Application Data\Control Manager\faq\images\07.png
c:\documents and settings\Gavin\Application Data\Control Manager\faq\images\08.png
c:\documents and settings\Gavin\Application Data\Control Manager\faq\images\09.png
c:\documents and settings\Gavin\Application Data\Control Manager\faq\images\10.png
c:\documents and settings\Gavin\Application Data\Control Manager\settings.ini
c:\documents and settings\Gavin\Application Data\Control Manager\uninstall.exe
c:\documents and settings\Gavin\Application Data\Hotbar
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\1.sdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\1840276.sdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\3893245.sdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\domains.txt
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\29425
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\4574
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\45833
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\459395
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\52335
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\568240
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\5812
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\58203
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\78788
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\92930
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat\38d7.dat
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\ads.cdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans.idx
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans1.dat
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\business_promo.htm
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\buttondir.txt
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\components.cdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\cursors.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_1000.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_2000.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_3000.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bar.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bbar1.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_logos.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_other.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_weather.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\default.cdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_511745-514279.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz1.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz10.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz11.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz12.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz13.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz14.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz15.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz16.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz17.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz18.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz19.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz2.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz20.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz3.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz4.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz5.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz6.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz7.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz8.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz9.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_categorize.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_comparison.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-Mails.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-people.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_favorites.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Games.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hide.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hotbarcom.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hotmail.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hsskin.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemster.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsterie.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsteruk.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jobsearch.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Mails.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_new.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_premium.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_reun.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_ringtones.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_SearchBoxTrapper.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchfor.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchgo.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_weather.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_yellowpages.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\editblbuttons.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-548964.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-9595.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\email-t1-bg.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesmenu.cdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesMenu.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\hb_ie_menu.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium.cdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar_promo.htm
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\icons2.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_games_icon.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_video.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords.idx
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords1.dat
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\layout.cdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\linkpathlegal.txt
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\more.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\new_games.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\progress.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\s_icons_buttons.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\sales_buttons.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\sdfmodifier.xml
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\t2_bg.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\theweb.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\top7.cdf
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\Top7_theweb.mnu
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\tsd_bg.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\2\weathericon.res
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ads.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans1.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\business_promo.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\cursors.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\default.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\editblbuttons.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\gamesmenu.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hb_ie_menu.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar-premium.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar_promo.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\icons2.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_games_icon.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_video.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords1.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\more.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\progress.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sales_buttons.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sdfmodifier.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\t2_bg.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\top7.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip
c:\documents and settings\Gavin\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\weathericon.xip
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\history
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\Weather_XML\Default
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\Weather_XML\Genera1
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\Weather_XML\General
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\WeatherDPA\Links
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences
c:\documents and settings\Gavin\Application Data\Hotbar\Weather\WeatherStartup.xml
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{405020a4-c21c-4915-9f3e-f8785500400f}
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{405020a4-c21c-4915-9f3e-f8785500400f}\chrome.manifest
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{405020a4-c21c-4915-9f3e-f8785500400f}\chrome\xulcache.jar
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{405020a4-c21c-4915-9f3e-f8785500400f}\defaults\preferences\xulcache.js
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{405020a4-c21c-4915-9f3e-f8785500400f}\install.rdf
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{53a04c94-1b9d-4faf-9c4c-b1d380d059e6}
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{53a04c94-1b9d-4faf-9c4c-b1d380d059e6}\chrome.manifest
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{53a04c94-1b9d-4faf-9c4c-b1d380d059e6}\chrome\xulcache.jar
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{53a04c94-1b9d-4faf-9c4c-b1d380d059e6}\defaults\preferences\xulcache.js
c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\extensions\{53a04c94-1b9d-4faf-9c4c-b1d380d059e6}\install.rdf
c:\documents and settings\Gavin\Application Data\ShoppingReport
c:\documents and settings\Gavin\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Gavin\Application Data\SystemProc
c:\documents and settings\Gavin\Application Data\SystemProc\lsass.exe
c:\documents and settings\Gavin\Application Data\WeatherDPA
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\program files\Mozilla Firefox\Plugins\npclntax_HotbarSA.dll
c:\program files\Seekdns
c:\program files\Seekdns\uninstall.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\windows\GnuHashes.ini
c:\windows\system32\1A.tmp
c:\windows\system32\380457909
c:\windows\system32\A.tmp
c:\windows\system32\blackbox32.dll
c:\windows\system32\CNC970L32.dll
c:\windows\system32\CNMLM9132.dll
c:\windows\system32\comuid32.dll
c:\windows\system32\console32.dll
c:\windows\system32\cscdll32.dll
c:\windows\system32\d3dx10_3632.dll
c:\windows\system32\d3dx9_2832.dll
c:\windows\system32\dbnmpntw32.dll
c:\windows\system32\ddeml32.dll
c:\windows\system32\DIMAP32.DLL
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drv232.dll
c:\windows\system32\dxdiagn32.dll
c:\windows\system32\GWFSPidGen.dll
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\@u2126868104v0
c:\windows\system32\SysWoW32\@u2126868104v1
c:\windows\system32\SysWoW32\@u2126868104v2
c:\windows\system32\SysWoW32\@u2126868104v3
c:\windows\system32\SysWoW32\@u2126868104v4
c:\windows\system32\SysWoW32\@u2126868104v5
c:\windows\system32\SysWoW32\@u2126868104v6
c:\windows\system32\SysWoW32\@u2126868104v7
c:\windows\system32\SysWoW32\_u2126868104v0
c:\windows\system32\SysWoW32\_u2126868104v1
c:\windows\system32\SysWoW32\_u2126868104v2
c:\windows\system32\SysWoW32\_u2126868104v3
c:\windows\system32\SysWoW32\_u2126868104v4
c:\windows\system32\SysWoW32\_u2126868104v5
c:\windows\system32\SysWoW32\_u2126868104v6
c:\windows\system32\SysWoW32\_u2126868104v7
c:\windows\system32\SysWoW32\mu2126868104v4
c:\windows\system32\SysWoW32\mu2126868104v4.kwd
c:\windows\system32\SysWoW32\mu2126868104v5
c:\windows\system32\SysWoW32\mu2126868104v5.kwd
c:\windows\system32\SysWoW32\mu2126868104v6
c:\windows\system32\SysWoW32\mu2126868104v6.kwd
c:\windows\system32\SysWoW32\mu2126868104v7
c:\windows\system32\SysWoW32\mu2126868104v7.kwd
c:\windows\system32\SysWoW32\wu2126868104v0
c:\windows\system32\SysWoW32\wu2126868104v0.kwd
c:\windows\system32\SysWoW32\wu2126868104v1
c:\windows\system32\SysWoW32\wu2126868104v1.kwd
c:\windows\system32\SysWoW32\wu2126868104v2
c:\windows\system32\SysWoW32\wu2126868104v2.kwd
c:\windows\system32\SysWoW32\wu2126868104v3
c:\windows\system32\SysWoW32\wu2126868104v3.kwd
c:\windows\system32\Thumbs.db
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEEKDNS_SERVICE
-------\Service_Seekdns Service


((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 06:24 . 2010-03-04 06:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-03-03 06:46 . 2010-03-03 06:46 -------- d-----w- C:\_OTL
2010-03-01 11:29 . 2010-03-03 07:19 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-03-01 09:01 . 2010-03-01 09:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-28 03:07 . 2010-02-28 03:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2010-02-28 03:06 . 2010-02-28 03:06 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-02-28 03:04 . 2010-02-28 03:04 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-28 02:43 . 2010-02-28 02:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-28 02:34 . 2001-08-17 11:36 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
2010-02-28 02:34 . 2001-08-17 11:36 19456 -c--a-w- c:\windows\system32\dllcache\brbidiif.dll
2010-02-28 02:34 . 2001-08-17 11:36 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2010-02-28 02:28 . 2001-08-17 02:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-02-28 02:28 . 2004-08-03 11:31 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2010-02-28 02:28 . 2001-08-17 02:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2010-02-28 02:28 . 2001-08-17 02:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2010-02-28 02:28 . 2001-08-17 02:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2010-02-28 02:28 . 2001-08-17 01:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2010-02-28 02:28 . 2001-08-17 03:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2010-02-28 02:28 . 2001-08-17 02:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2010-02-28 02:28 . 2001-08-17 01:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2010-02-28 02:23 . 2001-08-17 03:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2010-02-28 02:23 . 2001-08-17 01:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2010-02-28 02:23 . 2004-08-03 11:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2010-02-28 02:23 . 2001-08-17 01:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2010-02-28 02:23 . 2001-08-17 01:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2010-02-27 11:06 . 2010-02-09 06:02 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-02-27 11:06 . 2010-02-09 06:01 2164648 ----a-w- c:\windows\system32\Incinerator.dll
2010-02-27 11:06 . 2010-01-28 06:13 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-02-27 11:06 . 2010-01-28 06:13 12288 ----a-w- c:\windows\system32\smrgdf.exe
2010-02-27 11:06 . 2010-02-27 11:06 -------- d-----w- c:\program files\iolo
2010-02-27 11:04 . 2010-02-27 11:04 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-02-27 11:02 . 2010-02-28 02:54 -------- d-----w- c:\documents and settings\Gavin\Application Data\iolo
2010-02-27 11:02 . 2010-02-27 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-02-27 07:29 . 2010-02-27 07:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-26 10:22 . 2010-02-28 03:06 -------- d-----w- c:\documents and settings\Gavin\Tracing
2010-02-26 10:20 . 2009-08-05 11:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-02-26 10:20 . 2010-02-26 10:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-26 10:19 . 2010-02-26 10:19 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-26 10:14 . 2010-02-28 03:00 -------- d-----w- c:\program files\Windows Live
2010-02-25 05:23 . 2010-02-25 05:23 -------- d-----w- c:\windows\system32\F012F077606
2010-02-22 10:45 . 2009-12-08 19:26 2145280 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-22 10:45 . 2009-12-08 19:26 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-22 10:45 . 2009-12-08 18:43 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-20 12:02 . 2010-02-20 12:02 -------- d-----w- C:\System Volume Data
2010-02-13 06:55 . 2010-02-27 11:46 -------- d-sh--w- c:\documents and settings\All Users\DRM
2010-02-13 06:20 . 2010-02-13 06:20 -------- d-----w- c:\documents and settings\Gavin\Local Settings\Application Data\FOXTEL
2010-02-05 11:06 . 2010-02-05 11:06 -------- d-----w- c:\program files\iPod
2010-02-05 11:01 . 2010-02-05 11:02 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 06:42 . 2009-11-28 12:30 144 ----a-w- c:\windows\system32\pdfl.dat
2010-03-04 06:41 . 2008-11-21 20:47 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-04 06:41 . 2008-11-21 19:01 16608 ----a-w- c:\windows\gdrv.sys
2010-03-04 06:18 . 2008-05-05 13:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-04 06:17 . 2005-12-12 06:49 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-04 06:03 . 2009-08-28 01:18 -------- d-----w- c:\documents and settings\Gavin\Application Data\skypePM
2010-03-03 06:44 . 2009-08-01 06:00 -------- d-----w- c:\documents and settings\Gavin\Application Data\U3
2010-03-02 05:53 . 2008-10-17 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-03-01 09:24 . 2005-12-18 12:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-01 09:07 . 2006-05-11 23:47 -------- d-----w- c:\program files\Java
2010-03-01 09:01 . 2006-05-11 23:44 -------- d-----w- c:\program files\Common Files\Java
2010-02-28 06:11 . 2010-02-28 06:13 1807872 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2010-02-28 03:13 . 2010-02-28 03:19 5773312 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-02-28 03:03 . 2005-12-14 08:47 -------- d-----w- c:\program files\WinBar
2010-02-28 03:00 . 2009-03-31 11:52 -------- d-----w- c:\program files\Microsoft
2010-02-27 22:18 . 2010-02-27 22:23 5763584 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-02-27 22:18 . 2010-02-27 22:23 3003392 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-02-27 14:32 . 2009-05-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-02-27 11:46 . 2008-06-07 01:32 -------- d-----w- c:\program files\Morpheus
2010-02-26 22:38 . 2009-08-28 01:16 -------- d-----w- c:\documents and settings\Gavin\Application Data\Skype
2010-02-26 11:25 . 2009-03-19 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-25 05:09 . 2009-11-28 12:47 -------- d-----w- c:\program files\PC Tune-Up
2010-02-13 07:14 . 2009-03-31 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-09 09:48 . 2007-10-18 09:55 -------- d-----w- c:\program files\World of Warcraft
2010-02-05 11:07 . 2009-06-07 01:43 -------- d-----w- c:\program files\iTunes
2010-02-05 11:06 . 2008-12-09 12:00 -------- d-----w- c:\program files\Common Files\Apple
2010-02-04 11:55 . 2008-08-25 13:47 -------- d-----w- c:\program files\Foxit Software
2010-02-04 11:27 . 2006-02-09 11:42 -------- d-----w- c:\program files\Google
2010-01-23 04:50 . 2009-07-12 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-23 04:50 . 2009-08-24 07:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-22 05:11 . 2009-03-31 12:08 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-15 13:17 . 2009-05-04 08:48 -------- d-----w- c:\program files\ParetoLogic
2010-01-09 12:05 . 2010-01-09 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-01-09 12:05 . 2009-05-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-09 12:05 . 2009-05-04 08:48 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 07:35 . 2009-12-29 07:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2005-12-10 06:22 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-04-07 06:59 . 2008-07-12 06:31 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 . 2008-07-12 06:31 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 . 2008-07-12 06:31 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 . 2008-07-12 06:31 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 . 2008-07-12 06:31 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-07 278528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ParetoLogic Anti-Spyware"="c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2009-04-29 2643312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVCLOCK"="nvclock.dll" [2003-04-14 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-28 520024]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-24 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2009-06-29 1811728]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-16 1037192]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"PDF Converter Elite Print Dispatcher"="c:\program files\pdfconverter.com\PDF Converter Elite\2009\pcSONPrnDisp.exe" [2009-11-13 53248]
"PC Pitstop Optimize Scheduler"="c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 2577120]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-01 29744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
3D!Turbo Experience.lnk - c:\program files\MSI\3D!Turbo Experience\3D!Turbo.exe [2005-12-12 94208]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-5 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-12 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "c:\program files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2009-04-29 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 02:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
backupExtension=Common Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gavin^Start Menu^Programs^Startup^WinBar.lnk]
backup=c:\windows\pss\WinBar.lnkStartup
backupExtension=Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\zuma deluxe\\Zuma.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\astropop deluxe\\WinAP.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bejeweled deluxe\\WinBej.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\big money deluxe\\WinBM.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bookworm deluxe\\Bookworm.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dynomite deluxe\\Dynomite.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\feeding frenzy 2 deluxe\\FeedingFrenzyTwo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\hammer heads deluxe\\HammerHeads.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\iggle pop deluxe\\IgglePop.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\pizza frenzy\\PizzaFrenzy.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\rocket mania deluxe\\RocketMania.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\typer shark deluxe\\WinTS.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\talismania deluxe\\Talismania.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\venice\\Venice.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bejeweled 2 deluxe\\WinBej2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\chuzzle deluxe\\Chuzzle.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\insaniquarium deluxe\\Insaniquarium.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bookworm adventures deluxe\\BookwormAdventures.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\oddworld abes oddysee\\AbeWin.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\oddworld abes exoddus\\Exoddus.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ParetoLogic\\DriverCure\\DriverCure.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/01/2009 6:11 PM 64160]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/02/2010 9:20 PM 54752]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [22/11/2008 6:42 AM 80392]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [27/02/2010 10:06 PM 665008]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [27/02/2010 10:06 PM 665008]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [15/10/2009 12:30 AM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [15/10/2009 12:30 AM 476528]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [24/06/2008 7:56 PM 431384]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [22/11/2008 7:47 AM 24944]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [15/10/2009 12:29 AM 35448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2009 11:18 AM 135664]
S3 cpuz130;cpuz130;\??\c:\docume~1\Gavin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Gavin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [27/12/2009 9:48 PM 25832]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5/08/2009 10:48 PM 704864]
S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\drivers\glauiad.sys [12/12/2005 5:58 PM 29603]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/07/2008 7:49 PM 29744]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28/08/2006 11:54 PM 10664]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [1/08/2009 4:15 PM 53520]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [1/08/2009 4:15 PM 334992]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19/01/2009 8:34 AM 1028432]
.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:10]

2010-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2010-02-27 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2009-05-05 c:\windows\Tasks\DriverCure_sch_92CA3C1A-3952-11DE-B152-001FD022161F.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 00:17]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 00:17]

2010-02-25 c:\windows\Tasks\ParetoLogic Anti-Spyware.job
- c:\program files\ParetoLogic\Anti-Spyware\Pareto_AS.exe [2009-04-29 13:29]

2010-02-25 c:\windows\Tasks\ParetoLogic Privacy Controls_{6512A08C-01D8-11DF-B282-001FD022161F}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]

2010-03-03 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

2010-01-15 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-01-09 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

2010-02-28 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS\Pareto_Update.exe [2009-04-29 03:39]

2010-03-04 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-03-04 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-02-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Gavin\Application Data\Mozilla\Firefox\Profiles\7hpt33nr.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-Steam - (no file)
Notify-249f34d2810 - (no file)
AddRemove-HijackThis - c:\docume~1\Gavin\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-04 17:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\relog_ap.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll

- - - - - - - > 'explorer.exe'(4828)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mlfhook.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(684)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\GIGABYTE\ET6\GUI.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-03-04 17:49:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-04 06:49

Pre-Run: 303,325,589,504 bytes free
Post-Run: 302,936,150,016 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - EBC14CC24FF14AA475FE58B42CAAD802


Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by Belahzur on 4th March 2010, 9:18 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Morpheus 5.5 (remove only)
    Seekdns 1.0 build 118
    ZoneAlarm Spy Blocker

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by ghendo on 8th March 2010, 12:04 am

Hey Belahzur,

Got rid of Morpheus and ComboFix. Couldn't find Seekdns in the Add/Remove Programs panel, and couldn't delete ZoneAlarm Spy Blocker (got an error message that I was missing the correct path). Anyway, the internet is working great again. Do you know what it was? And is there anything I can do to protect myself from it again, because obviously ZoneAlarm Antivirus couldn't stop it! Thanks again for all your help mate, you're a legend!

Cheers,

ghendo :smile2:


Solved Re: Complete internet slowdown; ? virus/spyware/trojan/malware

Post by Belahzur on 8th March 2010, 12:20 am

Hello.
Not too sure what it was, looks like a lot of adware and possibly something else.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

