# Solved: AntiVirusOverride:



## jayd (Mar 1, 2006)

This only just started showing up in my Spybot S&D scans. Never saw it before a few days ago. I did read something but honestly what I read didn't answer my question, which is:
Should I allow Spybot S&D to remove this?

Hope I'm posting the question in the correct place. Apologies if mistaken.

*Microsoft.WindowsSecurityCenter.AntiVirusOverride:*

Thank You and Good Wishes to all for a Happy, Healthy New Year
J

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 4 Stepping 3
Processor Count: 2
RAM: 3710 Mb
Graphics Card: RADEON X300 SE 128MB HyperMemory, 128 Mb
Hard Drives: C: Total - 73163 MB, Free - 46990 MB; 
Motherboard: Dell Inc. , 0WG261, , ..CN698615CP01D3.
Antivirus: , Updated:yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:03:01 PM, on 27/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Documents and Settings\Jay\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll
O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1231951123843
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/download...1/axofupld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37680.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-56193df6ff453161.spaces.l...d/MsnPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18519 bytes


----------



## Cookiegal (Aug 27, 2003)

These are just warnings that the Security Center alert that would normally warn you if your anti-virus has been turned off or disabled for any reason, has been unchecked so that it doesn't alert you.

If you chose not to be alerted and turned those things off in the Security Center intentionally, then you can have SpyBot put these on Ignore.

Otherwise, something or someone has changed those settings and that should be investigated further.

As your computer specs indicate that you aren't running any anti-virus software then yes, it could be of some concern in this instance.

Please go *here* to download *HijackThis*.

To the right of the green arrow under *HijackThis downloads* click on the *Executable* button and download the *HijackThis.exe* file to your desktop.
Double-click the *HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*


----------



## jayd (Mar 1, 2006)

Hi and thank you.
Yes, I did notice that the puter specs indicate no AV, and that's something I can't understand because I am in fact running ESET's Nod32 AV, which is updated as well. So that one's a mystery.
In fact, I once altered that spec to yes but I see it has defaulted to NO. ??

Thanks again and will immediately do as instructed. bbsoon


----------



## Cookiegal (Aug 27, 2003)

Most of the anti-virus programs will disable those alerts because they self-monitor, meaning they will alert you if the program is not running but malware can change it as well. The logs indicate Eset is running but let's take a few steps to be sure all is in order.

First, please run the TSG system utility again and post the results:

http://static.techguy.org/download/SysInfo.exe

Then, please do the following:

Please download Malwarebytes' Anti-Malware from *Here*.

Double Click *mbam-setup.exe* to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*


----------
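The cross-check described in the reply above (the Security Center alert is overridden, so does the HijackThis log show an anti-virus engine actually running?), written out as an added example that is not part of the original thread or of any tool mentioned in it. The function names, the `AV_ENGINES` table and the caller-supplied `override_set` flag are assumptions for illustration; the sample input is a shortened excerpt of the log posted earlier in this thread.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Shortened excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\dlcccoms.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

# Illustrative table (assumption): AV engine executable -> product name.
# Only the product seen in this thread is listed; extend it for other vendors.
AV_ENGINES = {"ekrn.exe": "ESET NOD32 Antivirus"}

# Coded entries look like "O23 - Service: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers HijackThis prints for orphaned or unattributed entries.
ORPHAN_MARKERS = ("(file missing)", "(no file)", "Unknown owner")


@dataclass
class HijackThisLog:
    processes: list = field(default_factory=list)  # paths under "Running processes:"
    entries: list = field(default_factory=list)    # (section code, rest of line)


def parse_hijackthis(text):
    """Split a HijackThis log into its running-process list and coded entries."""
    log, in_processes = HijackThisLog(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            log.entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            log.processes.append(line)
        elif in_processes and log.processes:
            in_processes = False  # blank line after the last process path
    return log


def services(log):
    """Yield (name, owner, path) for each O23 service entry."""
    for code, body in log.entries:
        if code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                yield tuple(parts)


def review_items(log):
    """Entries worth a manual look; flagged for review, not for removal."""
    return [(code, body) for code, body in log.entries
            if any(marker in body for marker in ORPHAN_MARKERS)]


def triage_override(log_text, override_set):
    """Combine the Spybot finding (override_set) with what the log shows running."""
    log = parse_hijackthis(log_text)
    running = {ntpath.basename(path).lower() for path in log.processes}
    av_products = sorted({AV_ENGINES[n] for n in running if n in AV_ENGINES})
    if not override_set:
        verdict = "alerts-enabled"
    elif av_products:
        # As in the thread: an AV product may have disabled the alert itself,
        # but the setting is still confirmed with a scan.
        verdict = "override-set-av-running"
    else:
        verdict = "override-set-no-av-seen"
    return {"verdict": verdict, "av_products": av_products,
            "review": review_items(log)}


if __name__ == "__main__":
    result = triage_override(SAMPLE_LOG, override_set=True)
    print(result["verdict"], result["av_products"])
    for code, body in result["review"]:
        print("review:", code, body)
```
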



## Cookiegal (Aug 27, 2003)

jayd said:


> In fact, I once altered that spec to yes but I see it has defaulted to NO. ??


It's only your computer specs field in your profile so it wouldn't revert back on its own. It's likely that you didn't save the changes.


----------



## jayd (Mar 1, 2006)

TSG system utility ???

Where from? Or is the TSG the same as Hijack this?

I do have Malwarebytes and use it daily. Ran a scan earlier and it showed things were clean. Do you want me to run it again now? Full or Quick scan if yes.


----------



## Cookiegal (Aug 27, 2003)

I posted the link to the TSG utility but I'll post it here again. It's not the same as HijackThis. It gives system specs.

http://static.techguy.org/download/SysInfo.exe


----------



## Cookiegal (Aug 27, 2003)

Yes, please update MalwareBytes and run a full system scan.


----------



## jayd (Mar 1, 2006)

oh good grief charlie brown! TSG .. what's wrong with me. Of course. Color me embarrassed.
Here it is.
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 4 Stepping 3
Processor Count: 2
RAM: 3710 Mb
Graphics Card: RADEON X300 SE 128MB HyperMemory, 128 Mb
Hard Drives: C: Total - 73163 MB, Free - 46826 MB; 
Motherboard: Dell Inc. , 0WG261, , ..CN698615CP01D3.
Antivirus: , Updated: No, On-Demand Scanner: Enabled


----------



## jayd (Mar 1, 2006)

going to MB now and will run a full scan.


----------



## jayd (Mar 1, 2006)

Here's the full scan requested.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5405

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/12/2010 9:24:59 PM
mbam-log-2010-12-27 (21-24-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 217636
Time elapsed: 33 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In the *Additional Scans* section put a check in Disabled MS Config Items and EventViewer logs.
Now click the *Run Scan* button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## jayd (Mar 1, 2006)

Cookiegal ...

Just on line for a few minutes tonight checking emails. Just a tiny bit under the weather but wanted to acknowledge this project. Soonest I can get to it is tomorrow morning sometime. Hope that's okay. Will print out instr. but going to bed in a minute or two.
Thank you for your patience and help.
BBack tomoro


----------



## Cookiegal (Aug 27, 2003)

That's fine. Take your time and I hope you feel better.


----------



## jayd (Mar 1, 2006)

```
OTS logfile created on: 30/12/2010 9:35:40 AM - Run 1
OTS by OldTimer - Version 3.1.40.1     Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.45 Gb Total Space | 45.29 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DFY1752J
Current User Name: Jay
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
admunch.exe -> C:\Program Files\Ad Muncher\AdMunch.exe -> [2010/12/28 00:30:22 | 000,534,728 | ---- | M] (Murray Hurps Corp Pty Ltd)
mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
acdaemon.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
googlecrashhandler.exe -> C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe -> [2010/10/19 16:08:15 | 000,134,808 | ---- | M] (Google Inc.)
iswsvc.exe -> C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
forcefield.exe -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe -> [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies)
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
bthelpnotifier.exe -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
ekrn.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
egui.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
dsagnt.exe -> C:\Program Files\Dell Support\DSAgnt.exe -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
 
[Modules - Safe List]
ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
am32-32300.dll -> C:\Program Files\Ad Muncher\AM32-32300.dll -> [2010/12/28 00:30:22 | 000,072,192 | ---- | M] (Murray Hurps Corp Pty Ltd)
sahook.dll -> c:\Program Files\McAfee\SiteAdvisor\sahook.dll -> [2010/12/09 14:20:40 | 000,018,176 | ---- | M] (McAfee, Inc.)
iswshex.dll -> C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll -> [2010/09/02 12:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
mccicontexthook_dsr.dll -> C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll -> [2009/12/07 11:50:46 | 000,198,656 | ---- | M] (Alcatel-Lucent)
msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll -> [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll -> [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(KodakCCS) Kodak Camera Connection Software [On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\KodakCCS.exe -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
(MatSvc) Microsoft Automated Troubleshooting Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Fix it Center\Matsvc.exe -> [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation)
(IswSvc) ZoneAlarm Toolbar IswSvc [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
(nosGetPlusHelper) getPlus(R) Helper 3004 [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -> [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.)
(EhttpSrv) ESET HTTP Server [On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2009/05/14 14:54:22 | 000,020,680 | ---- | M] (ESET)
(ekrn) ESET Service [Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(WLSetupSvc) Windows Live Setup Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
(dlcc_device) dlcc_device [On_Demand | Stopped] -> C:\WINDOWS\System32\dlcccoms.exe -> [2005/06/21 20:19:38 | 000,491,520 | ---- | M] ()
 
[Driver Services - Safe List]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> File not found
(srescan) srescan [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\ZoneLabs\srescan.sys -> File not found
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> File not found
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -> File not found
(ISWKL) ZoneAlarm Toolbar ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2010/09/02 12:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies)
(vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD)
(cpuz133) cpuz133 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz133_x32.sys -> [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(epfwtdir) epfwtdir [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\epfwtdir.sys -> [2009/05/14 14:49:32 | 000,094,360 | ---- | M] (ESET)
(ehdrv) ehdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ehdrv.sys -> [2009/05/14 14:47:14 | 000,107,256 | ---- | M] (ESET)
(eamon) eamon [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\eamon.sys -> [2009/05/14 14:41:10 | 000,114,472 | ---- | M] (ESET)
(cpuz132) cpuz132 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz132_x32.sys -> [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\DDMI2.sys -> [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://www.live.com/ [binary data] -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache" -> http://uk.msn.com/?ocid=iehp -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> BA 0C 4C 8F 6B A7 CB 01  [binary data] -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1;*.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\prefs.js -> 
browser.search.defaultenginename -> "Secure Search" ->
browser.search.defaultthis.engineName -> "ZoneAlarm Security Customized Web Search" ->
browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}" ->
browser.search.selectedEngine -> "Google" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/webhp?rls=ig" ->
extensions.enabledItems -> {3ED591BC-7CC7-495B-A526-B2431356EDC1}:2.0 ->
extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 ->
extensions.enabledItems -> [email protected]:5.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
extensions.enabledItems -> {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15 ->
extensions.enabledItems -> {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0 ->
keyword.URL -> "http://uk.search.yahoo.com/search?fr=mcafee&p=" ->
network.proxy.no_proxies_on -> "127.0.0.1,*.local" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER] -> [2010/11/21 17:15:33 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/12/16 18:41:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/20 15:26:51 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/12/11 18:22:57 | 000,000,000 | ---D | M]
HKLM\software\mozilla\SeaMonkey\Extensions ->  -> 
HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD] -> [2009/05/20 15:57:17 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions -> [2008/09/14 08:24:14 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions -> [2010/12/29 11:44:47 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2) -> [2008/12/09 13:39:01 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/28 18:10:46 | 000,000,000 | ---D | M]
Flashblock   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/10/14 18:14:56 | 000,000,000 | ---D | M]
IE Tab   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/06/03 17:59:30 | 000,000,000 | ---D | M]
ZoneAlarm Security Toolbar   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} -> [2010/11/21 16:55:30 | 000,000,000 | ---D | M]
WOT   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2010/09/11 18:28:27 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} -> [2010/08/17 11:39:36 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/12/24 17:14:42 | 000,000,000 | ---D | M]
Adobe DLM (powered by getPlus(R))   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2010/10/20 14:08:00 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2010/09/23 12:03:06 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2009/03/26 14:53:47 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 bing.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\bing.xml -> [2010/09/23 15:49:26 | 000,001,820 | ---- | M] ()
 conduit.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\conduit.xml -> [2010/08/19 21:08:14 | 000,000,939 | ---- | M] ()
 google-translate-any--en.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\google-translate-any--en.xml -> [2010/09/23 15:52:52 | 000,002,027 | ---- | M] ()
 mozilla-add-ons.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\mozilla-add-ons.xml -> [2008/12/03 15:18:50 | 000,001,620 | ---- | M] ()
 searchgeek.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\searchgeek.xml -> [2010/01/28 20:24:59 | 000,001,859 | ---- | M] ()
 snappy-words.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\snappy-words.xml -> [2010/01/28 20:19:24 | 000,002,256 | ---- | M] ()
 thesaurus---referencecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\thesaurus---referencecom.xml -> [2010/09/23 15:53:46 | 000,001,539 | ---- | M] ()
 timeanddatecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\timeanddatecom.xml -> [2010/12/29 11:44:51 | 000,011,187 | ---- | M] ()
 wot-safe-search.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\wot-safe-search.xml -> [2010/09/11 15:44:32 | 000,002,306 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/12/29 11:44:47 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/04 17:23:15 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/29 18:02:46 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/12/27 13:34:16 | 000,429,771 | R--- | M] - 14842 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 05:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
{872b5b88-9db5-4310-bdd0-ac189557e5f5} [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine Registrar] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
{91da5e8a-3318-4f8c-b67e-5964de3ab546} [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/07/13 15:02:19 | 000,668,656 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2009/09/20 01:26:34 | 000,158,008 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Ad Muncher" -> C:\Program Files\Ad Muncher\AdMunch.exe ["C:\Program Files\Ad Muncher\AdMunch.exe" /bt] -> [2010/12/28 00:30:22 | 000,534,728 | ---- | M] (Murray Hurps Corp Pty Ltd)
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
"btbb_McciTrayApp" -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe ["C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"] -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
"DLCCCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]] -> [2005/06/07 18:38:10 | 000,069,632 | ---- | M] ()
"egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 000,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
"ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ["C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"] -> [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies)
"MSKDetectorExe" -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> [2005/07/12 19:05:30 | 001,117,184 | ---- | M] (McAfee, Inc.)
"SBAutoUpdate" -> C:\Program Files\SpywareBlaster\sbautoupdate.exe ["C:\Program Files\SpywareBlaster\sbautoupdate.exe"] -> [2010/08/30 22:35:16 | 000,938,744 | ---- | M] ()
"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
"ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DellSupport" -> C:\Program Files\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/07/13 15:02:19 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
 -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled -> [2006/09/28 20:40:49 | 000,001,725 | ---- | M] ()
< Jay Startup Folder > -> C:\Documents and Settings\Jay\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Block frame with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_frame] -> File not found
Block image with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_image] -> File not found
Block link with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_link] -> File not found
Don't filter page with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_exclude] -> File not found
Report page to the Ad Muncher developers ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_report] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Button: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}:res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell Options] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> Reg Error: Key error. [Button: Bonjour] -> File not found
{B06300D0-CCDE-11d2-92D3-0000F87A4A55}:{C651A691-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to R&estricted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
{BF80219A-CCDD-11d2-92D3-0000F87A4A55}:{C651A693-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to Tr&usted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{FC09D8A3-C85A-11d2-92D0-0000F87A4A55}:{A58D06D4-CA90-11D2-92D2-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\oline.dll [Button: Offline] -> [1999/02/24 02:00:28 | 000,036,864 | ---- | M] ()
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}" [HKLM] ->  [ieSpell] -> File not found
CmdMapping\\"{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}" [HKLM] ->  [ieSpell Options] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] ->  [Bonjour] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7566 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 11505 domain(s) found. -> 
s144_photobucket.com [http] -> Trusted sites -> 
www_safer-networking.org [http] -> Trusted sites -> 
investing_schwab.com [https] -> Trusted sites -> 
www_serif.com [http] -> Trusted sites -> 
www_shagjam.com [http] -> Trusted sites -> 
www1_snapfish.co.uk [http] -> Trusted sites -> 
www_techsupportguy.com [http] -> Trusted sites -> 
www_telegraph.co.uk [http] -> Trusted sites -> 
www_tesco.com [http] -> Trusted sites -> 
www_tescodigital.com [http] -> Trusted sites -> 
www_theothersideofkim.com [http] -> Trusted sites -> 
london_usembassy.gov [http] -> Trusted sites -> 
wiredness.com .[http] -> Trusted sites -> 
online_wsj.com [http] -> Trusted sites -> 
uk.f256.mail_yahoo.com [http] -> Trusted sites -> 
www_yousendit.com [https] -> Trusted sites -> 
news_zdnet.com [http] -> Trusted sites -> 
review_zdnet.com [http] -> Trusted sites -> 
download_zonelabs.com [http] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab [Microsoft Office Template and Media Control] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab [Office Genuine Advantage Validation Tool] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/odc.cab [Microsoft PID Sniffer] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab [Office Update Installation Engine] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.snapfish.co.uk/SnapfishUKActivia.cab [Snapfish Activia] -> 
{474F00F5-3853-492C-AC3A-476512BBC336} [HKLM] -> http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab [UploadListView Class] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab [Windows Live Safety Center Base Module] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231951123843 [MUWebControl Class] -> 
{6F750200-1362-4815-A476-88533DE61D0C} [HKLM] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab [Ofoto Upload Manager Class] -> 
{7F8C8173-AD80-4807-AA75-5672F22B4582} [HKLM] -> http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab [ICSScanner Class] -> 
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} [HKLM] -> http://cid-56193df6ff453161.spaces.live.com/PhotoUpload/MsnPUpld.cab [Windows Live Photo Upload Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [HKLM] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx [Get_ActiveX Control] -> 
{BD8667B7-38D8-4C77-B580-18C3E146372C} [HKLM] -> http://ak.imgag.com/imgag/cp/install/Crusher.cab [Creative Toolbox Plug-in] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{C946EF6D-296D-4907-A6E1-ED0E8E5AF024} [HKLM] -> http://mail.lycos.com/hanmail-ax/AttachMail.cab [LycosMail Upload Control] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [HKLM] -> http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab [CTAdjust Class] -> 
{E8F628B5-259A-4734-97EE-BA914D7BE941} [HKLM] -> http://driveragent.com/files/driveragent.cab [Driver Agent ActiveX Control] -> 
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll [PCPitstop Exam] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
Photobucket Publisher [HKLM] -> http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{CE0939F7-AC83-4916-9A59-38F3DBA89298}\\DhcpNameServer -> 192.168.1.254   (Intel(R) PRO/100 VE Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist -> C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe [C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon] -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
!AVG Anti-Spyware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Reg Error: Value error. -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 0 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 20/12/2010 10:33:14 AM Computer Name = DFY1752J | Source = Ci | ID = 4126 -> Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will   be automatically restored by refiltering all documents.
Application [ Error ] 27/12/2010 4:42:08 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 27/12/2010 4:42:12 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
Application [ Error ] 27/12/2010 4:42:21 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 27/12/2010 4:42:24 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
Application [ Error ] 27/12/2010 4:42:32 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 10:58:27 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 10:59:19 AM Computer Name = DFY1752J | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 29/12/2010 11:04:04 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 11:04:31 AM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
System [ Error ] 02/12/2010 3:52:12 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 09/12/2010 9:49:23 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 16/12/2010 11:21:55 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 22/12/2010 8:48:01 AM Computer Name = DFY1752J | Source = DCOM | ID = 10010 -> Description = The server {B366DEBE-645B-43A5-B865-DDD82C345492} did not register with DCOM within the required timeout.
System [ Error ] 23/12/2010 4:26:58 PM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 29/12/2010 11:39:25 AM Computer Name = DFY1752J | Source = Service Control Manager | ID = 7031 -> Description = The ESET Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
[Files/Folders - Created Within 30 Days]
 OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:37 | 000,642,048 | ---- | C] (OldTimer Tools)
 HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:22 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 SNOWY ENGLAND -> C:\Documents and Settings\Jay\Desktop\SNOWY ENGLAND -> [2010/12/24 16:32:45 | 000,000,000 | ---D | C]
 ndproxy.sys -> C:\WINDOWS\System32\dllcache\ndproxy.sys -> [2010/12/15 13:36:59 | 000,040,960 | ---- | C] (Microsoft Corporation)
 $hf_mig$ -> C:\WINDOWS\$hf_mig$ -> [2010/12/15 13:36:20 | 000,000,000 | -H-D | C]
 wab.exe -> C:\WINDOWS\System32\dllcache\wab.exe -> [2010/12/15 13:36:04 | 000,045,568 | ---- | C] (Microsoft Corporation)
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | C] (Google Inc.)
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/12/30 09:22:51 | 000,000,330 | -H-- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/12/30 09:20:32 | 000,002,206 | ---- | M] ()
 Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2010/12/30 09:20:11 | 000,000,868 | ---- | M] ()
 ConfigExec.job -> C:\WINDOWS\tasks\ConfigExec.job -> [2010/12/30 09:19:56 | 000,000,616 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/30 09:19:44 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/12/30 09:19:41 | 3890,368,512 | -HS- | M] ()
 OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
 Download OTS.doc -> C:\Documents and Settings\Jay\Desktop\Download OTS.doc -> [2010/12/29 20:32:15 | 000,019,456 | ---- | M] ()
 Microsoft Word.lnk -> C:\Documents and Settings\Jay\Desktop\Microsoft Word.lnk -> [2010/12/29 20:29:18 | 000,002,473 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> [2010/12/29 20:13:00 | 000,000,968 | ---- | M] ()
 DataUpload.job -> C:\WINDOWS\tasks\DataUpload.job -> [2010/12/29 19:37:00 | 000,000,580 | -H-- | M] ()
 fssort.ini -> C:\Documents and Settings\Jay\Desktop\fssort.ini -> [2010/12/29 18:56:44 | 000,000,265 | -H-- | M] ()
 GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> [2010/12/29 17:13:00 | 000,000,916 | ---- | M] ()
 MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 16:00:01 | 000,059,825 | ---- | M] ()
 .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/29 15:54:45 | 000,093,529 | ---- | M] ()
 User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> [2010/12/29 10:53:46 | 000,000,388 | -H-- | M] ()
 EasyShare Registration Task.job -> C:\WINDOWS\tasks\EasyShare Registration Task.job -> [2010/12/28 12:47:01 | 000,000,432 | ---- | M] ()
 HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:29 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/12/27 13:34:16 | 000,429,771 | R--- | M] ()
 You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/27 13:32:50 | 000,024,576 | ---- | M] ()
 A ****ED UP SONY SITE.jpg -> C:\Documents and Settings\Jay\Desktop\A ****ED UP SONY SITE.jpg -> [2010/12/26 17:13:28 | 000,031,988 | ---- | M] ()
 Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:36 | 000,019,456 | ---- | M] ()
 Carol Vorderman Gor-Jus at 50.jpg -> C:\Documents and Settings\Jay\Desktop\Carol Vorderman Gor-Jus at 50.jpg -> [2010/12/26 15:24:53 | 000,119,810 | ---- | M] ()
 Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/24 19:23:23 | 000,029,696 | ---- | M] ()
 A VERY ANNOYING AD.jpg -> C:\Documents and Settings\Jay\Desktop\A VERY ANNOYING AD.jpg -> [2010/12/23 20:34:16 | 000,012,235 | ---- | M] ()
 A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | M] ()
 hosts.20101227-133416.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101227-133416.backup -> [2010/12/23 12:08:59 | 000,429,771 | R--- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/12/22 13:43:10 | 000,000,784 | ---- | M] ()
 FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:53:19 | 000,019,456 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
 A FAT BAG OF ****.jpg -> C:\Documents and Settings\Jay\Desktop\A FAT BAG OF ****.jpg -> [2010/12/19 19:46:49 | 000,047,765 | ---- | M] ()
 hosts.20101223-120858.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101223-120858.backup -> [2010/12/18 10:17:43 | 000,429,105 | R--- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/15 13:44:01 | 000,372,872 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:39:05 | 000,001,393 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/12/15 13:20:44 | 000,442,466 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/12/15 13:20:44 | 000,071,732 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:35 | 000,000,779 | ---- | M] ()
 hosts.20101218-101742.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101218-101742.backup -> [2010/12/15 11:40:36 | 000,428,361 | R--- | M] ()
 http examples.doc -> C:\Documents and Settings\Jay\Desktop\http examples.doc -> [2010/12/14 20:08:06 | 000,024,064 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/12/11 19:23:01 | 000,000,284 | ---- | M] ()
 Picasa 3.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> [2010/12/09 15:34:57 | 000,000,777 | ---- | M] ()
 hosts.20101215-114036.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101215-114036.backup -> [2010/12/09 14:39:42 | 000,428,361 | R--- | M] ()
 To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | M] ()
 hosts.20101209-143941.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101209-143941.backup -> [2010/12/02 11:25:10 | 000,428,073 | R--- | M] ()
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | M] (Google Inc.)
 3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files - No Company Name]
 Download OTS.doc -> C:\Documents and Settings\Jay\Desktop\Download OTS.doc -> [2010/12/29 20:29:41 | 000,019,456 | ---- | C] ()
 MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 15:56:20 | 000,059,825 | ---- | C] ()
 .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/29 15:54:45 | 000,093,529 | ---- | C] ()
 To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | C] ()
 A ****ED UP SONY SITE.jpg -> C:\Documents and Settings\Jay\Desktop\A ****ED UP SONY SITE.jpg -> [2010/12/26 16:47:42 | 000,031,988 | ---- | C] ()
 Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:35 | 000,019,456 | ---- | C] ()
 Carol Vorderman Gor-Jus at 50.jpg -> C:\Documents and Settings\Jay\Desktop\Carol Vorderman Gor-Jus at 50.jpg -> [2010/12/26 15:24:51 | 000,119,810 | ---- | C] ()
 Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/23 21:47:24 | 000,029,696 | ---- | C] ()
 A VERY ANNOYING AD.jpg -> C:\Documents and Settings\Jay\Desktop\A VERY ANNOYING AD.jpg -> [2010/12/23 20:33:26 | 000,012,235 | ---- | C] ()
 A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | C] ()
 FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:51:27 | 000,019,456 | ---- | C] ()
 A FAT BAG OF ****.jpg -> C:\Documents and Settings\Jay\Desktop\A FAT BAG OF ****.jpg -> [2010/12/19 19:46:48 | 000,047,765 | ---- | C] ()
 You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/16 22:15:47 | 000,024,576 | ---- | C] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:34 | 000,000,779 | ---- | C] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:19:30 | 000,001,393 | ---- | C] ()
 To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | C] ()
 kodakpcd.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\kodakpcd.ini -> [2010/01/07 14:13:42 | 000,000,022 | ---- | C] ()
 clear.log -> C:\Documents and Settings\Jay\Local Settings\Application Data\clear.log -> [2009/11/03 12:42:57 | 000,229,182 | ---- | C] ()
 Relax.ini -> C:\WINDOWS\Relax.ini -> [2008/06/06 17:31:59 | 000,000,052 | ---- | C] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007/03/05 12:34:28 | 000,676,224 | ---- | C] ()
 Svclog.log -> C:\Documents and Settings\All Users\Application Data\Svclog.log -> [2007/02/21 12:01:37 | 000,838,514 | ---- | C] ()
 dvd.bmk -> C:\Documents and Settings\Jay\Application Data\dvd.bmk -> [2007/02/02 15:34:30 | 000,003,072 | ---- | C] ()
 vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/12/15 10:20:17 | 000,010,240 | ---- | C] ()
 SBTEDrv.sys -> C:\WINDOWS\System32\drivers\SBTEDrv.sys -> [2006/10/30 09:30:30 | 000,010,032 | ---- | C] ()
 YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2006/10/19 12:25:56 | 000,065,536 | ---- | C] ()
 UNRAR3.dll -> C:\WINDOWS\System32\UNRAR3.dll -> [2006/09/19 18:44:25 | 000,153,088 | ---- | C] ()
 dlccpmui.dll -> C:\WINDOWS\System32\dlccpmui.dll -> [2006/09/15 13:49:03 | 000,638,976 | ---- | C] ()
 dlccins.dll -> C:\WINDOWS\System32\dlccins.dll -> [2006/09/15 13:49:03 | 000,155,648 | ---- | C] ()
 dlccinsr.dll -> C:\WINDOWS\System32\dlccinsr.dll -> [2006/09/15 13:49:03 | 000,106,496 | ---- | C] ()
 dlcccomm.dll -> C:\WINDOWS\System32\dlcccomm.dll -> [2006/09/15 13:49:02 | 000,413,696 | ---- | C] ()
 dlccpplc.dll -> C:\WINDOWS\System32\dlccpplc.dll -> [2006/09/15 13:49:02 | 000,114,688 | ---- | C] ()
 dlccvs.dll -> C:\WINDOWS\System32\dlccvs.dll -> [2006/09/15 13:49:02 | 000,040,960 | ---- | C] ()
 dlccusb1.dll -> C:\WINDOWS\System32\dlccusb1.dll -> [2006/09/15 13:49:01 | 001,134,592 | ---- | C] ()
 dlcchbn3.dll -> C:\WINDOWS\System32\dlcchbn3.dll -> [2006/09/15 13:49:01 | 000,770,048 | ---- | C] ()
 dlcclmpm.dll -> C:\WINDOWS\System32\dlcclmpm.dll -> [2006/09/15 13:49:01 | 000,483,328 | ---- | C] ()
 dlccprox.dll -> C:\WINDOWS\System32\dlccprox.dll -> [2006/09/15 13:49:01 | 000,155,648 | ---- | C] ()
 dlccserv.dll -> C:\WINDOWS\System32\dlccserv.dll -> [2006/09/15 13:49:00 | 001,183,744 | ---- | C] ()
 dlcccomc.dll -> C:\WINDOWS\System32\dlcccomc.dll -> [2006/09/15 13:49:00 | 000,704,512 | ---- | C] ()
 dlccutil.dll -> C:\WINDOWS\System32\dlccutil.dll -> [2006/09/15 13:48:59 | 000,430,080 | ---- | C] ()
 dlcccu.dll -> C:\WINDOWS\System32\dlcccu.dll -> [2006/09/15 13:48:59 | 000,073,728 | ---- | C] ()
 dlcccur.dll -> C:\WINDOWS\System32\dlcccur.dll -> [2006/09/15 13:48:59 | 000,036,864 | ---- | C] ()
 dlccinsb.dll -> C:\WINDOWS\System32\dlccinsb.dll -> [2006/09/15 13:48:58 | 000,176,128 | ---- | C] ()
 dlcccub.dll -> C:\WINDOWS\System32\dlcccub.dll -> [2006/09/15 13:48:58 | 000,086,016 | ---- | C] ()
 dlccjswr.dll -> C:\WINDOWS\System32\dlccjswr.dll -> [2006/09/15 13:48:57 | 000,131,072 | ---- | C] ()
 dlcccfg.dll -> C:\WINDOWS\System32\dlcccfg.dll -> [2006/09/15 13:48:54 | 000,069,632 | ---- | C] ()
 libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2006/06/22 18:22:20 | 000,796,584 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/05/31 10:32:33 | 000,000,376 | ---- | C] ()
 VistaEmail.ini -> C:\WINDOWS\VistaEmail.ini -> [2006/05/30 20:45:17 | 000,000,042 | ---- | C] ()
 iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2006/04/21 16:08:40 | 000,000,034 | ---- | C] ()
 msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/04/17 10:26:23 | 000,000,002 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Jay\Local Settings\Application Data\fusioncache.dat -> [2006/04/11 16:23:37 | 000,000,126 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2006/03/25 15:09:47 | 000,020,480 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/03/19 11:40:09 | 000,000,061 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/03/19 11:38:07 | 000,000,126 | ---- | C] ()
 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/03/19 11:12:30 | 000,000,475 | ---- | C] ()
 SDelete.dll -> C:\WINDOWS\System32\SDelete.dll -> [2005/11/02 09:39:16 | 000,040,960 | ---- | C] ()
 openports.dll -> C:\WINDOWS\System32\openports.dll -> [2005/11/02 09:39:16 | 000,024,924 | ---- | C] ()
 dlcccnv4.dll -> C:\WINDOWS\System32\dlcccnv4.dll -> [2005/04/01 10:44:16 | 000,061,440 | ---- | C] ()
 orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,891 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2004/06/09 11:19:20 | 000,000,000 | ---- | C] ()
 MSO97V.DLL -> C:\WINDOWS\System32\MSO97V.DLL -> [2002/12/09 23:00:00 | 001,708,032 | ---- | C] ()
 DOCOBJ.DLL -> C:\WINDOWS\System32\DOCOBJ.DLL -> [2002/12/09 23:00:00 | 000,036,864 | ---- | C] ()
 MSORFS.DLL -> C:\WINDOWS\System32\MSORFS.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
 HLINKPRX.DLL -> C:\WINDOWS\System32\HLINKPRX.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
 webzone.dll -> C:\WINDOWS\System32\webzone.dll -> [1999/03/01 19:03:28 | 000,036,864 | ---- | C] ()
 oline.dll -> C:\WINDOWS\System32\oline.dll -> [1999/02/24 02:00:28 | 000,036,864 | ---- | C] ()
 MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 18:46:58 | 000,065,536 | ---- | C] ()
 REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [1998/01/12 08:00:00 | 000,040,448 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 494 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
```


----------



## jayd (Mar 1, 2006)

```
OTS logfile created on: 30/12/2010 9:35:40 AM - Run 1
OTS by OldTimer - Version 3.1.40.1     Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.45 Gb Total Space | 45.29 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DFY1752J
Current User Name: Jay
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
admunch.exe -> C:\Program Files\Ad Muncher\AdMunch.exe -> [2010/12/28 00:30:22 | 000,534,728 | ---- | M] (Murray Hurps Corp Pty Ltd)
mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
acdaemon.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
googlecrashhandler.exe -> C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe -> [2010/10/19 16:08:15 | 000,134,808 | ---- | M] (Google Inc.)
iswsvc.exe -> C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
forcefield.exe -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe -> [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies)
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
bthelpnotifier.exe -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
ekrn.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
egui.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
dsagnt.exe -> C:\Program Files\Dell Support\DSAgnt.exe -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
 
[Modules - Safe List]
ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
am32-32300.dll -> C:\Program Files\Ad Muncher\AM32-32300.dll -> [2010/12/28 00:30:22 | 000,072,192 | ---- | M] (Murray Hurps Corp Pty Ltd)
sahook.dll -> c:\Program Files\McAfee\SiteAdvisor\sahook.dll -> [2010/12/09 14:20:40 | 000,018,176 | ---- | M] (McAfee, Inc.)
iswshex.dll -> C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll -> [2010/09/02 12:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
mccicontexthook_dsr.dll -> C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll -> [2009/12/07 11:50:46 | 000,198,656 | ---- | M] (Alcatel-Lucent)
msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll -> [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll -> [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(KodakCCS) Kodak Camera Connection Software [On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\KodakCCS.exe -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
(MatSvc) Microsoft Automated Troubleshooting Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Fix it Center\Matsvc.exe -> [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation)
(IswSvc) ZoneAlarm Toolbar IswSvc [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
(nosGetPlusHelper) getPlus(R) Helper 3004 [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -> [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.)
(EhttpSrv) ESET HTTP Server [On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2009/05/14 14:54:22 | 000,020,680 | ---- | M] (ESET)
(ekrn) ESET Service [Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(WLSetupSvc) Windows Live Setup Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
(dlcc_device) dlcc_device [On_Demand | Stopped] -> C:\WINDOWS\System32\dlcccoms.exe -> [2005/06/21 20:19:38 | 000,491,520 | ---- | M] ()
 
[Driver Services - Safe List]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> File not found
(srescan) srescan [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\ZoneLabs\srescan.sys -> File not found
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> File not found
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -> File not found
(ISWKL) ZoneAlarm Toolbar ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2010/09/02 12:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies)
(vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD)
(cpuz133) cpuz133 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz133_x32.sys -> [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(epfwtdir) epfwtdir [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\epfwtdir.sys -> [2009/05/14 14:49:32 | 000,094,360 | ---- | M] (ESET)
(ehdrv) ehdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ehdrv.sys -> [2009/05/14 14:47:14 | 000,107,256 | ---- | M] (ESET)
(eamon) eamon [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\eamon.sys -> [2009/05/14 14:41:10 | 000,114,472 | ---- | M] (ESET)
(cpuz132) cpuz132 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz132_x32.sys -> [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\DDMI2.sys -> [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://www.live.com/ [binary data] -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache" -> http://uk.msn.com/?ocid=iehp -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> BA 0C 4C 8F 6B A7 CB 01  [binary data] -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1;*.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\prefs.js -> 
browser.search.defaultenginename -> "Secure Search" ->
browser.search.defaultthis.engineName -> "ZoneAlarm Security Customized Web Search" ->
browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}" ->
browser.search.selectedEngine -> "Google" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/webhp?rls=ig" ->
extensions.enabledItems -> {3ED591BC-7CC7-495B-A526-B2431356EDC1}:2.0 ->
extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 ->
extensions.enabledItems -> [email protected]:5.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
extensions.enabledItems -> {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15 ->
extensions.enabledItems -> {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0 ->
keyword.URL -> "http://uk.search.yahoo.com/search?fr=mcafee&p=" ->
network.proxy.no_proxies_on -> "127.0.0.1,*.local" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER] -> [2010/11/21 17:15:33 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/12/16 18:41:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/20 15:26:51 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/12/11 18:22:57 | 000,000,000 | ---D | M]
HKLM\software\mozilla\SeaMonkey\Extensions ->  -> 
HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD] -> [2009/05/20 15:57:17 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions -> [2008/09/14 08:24:14 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions -> [2010/12/29 11:44:47 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2) -> [2008/12/09 13:39:01 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/28 18:10:46 | 000,000,000 | ---D | M]
Flashblock   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/10/14 18:14:56 | 000,000,000 | ---D | M]
IE Tab   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/06/03 17:59:30 | 000,000,000 | ---D | M]
ZoneAlarm Security Toolbar   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} -> [2010/11/21 16:55:30 | 000,000,000 | ---D | M]
WOT   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2010/09/11 18:28:27 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} -> [2010/08/17 11:39:36 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/12/24 17:14:42 | 000,000,000 | ---D | M]
Adobe DLM (powered by getPlus(R))   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2010/10/20 14:08:00 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2010/09/23 12:03:06 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2009/03/26 14:53:47 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 bing.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\bing.xml -> [2010/09/23 15:49:26 | 000,001,820 | ---- | M] ()
 conduit.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\conduit.xml -> [2010/08/19 21:08:14 | 000,000,939 | ---- | M] ()
 google-translate-any--en.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\google-translate-any--en.xml -> [2010/09/23 15:52:52 | 000,002,027 | ---- | M] ()
 mozilla-add-ons.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\mozilla-add-ons.xml -> [2008/12/03 15:18:50 | 000,001,620 | ---- | M] ()
 searchgeek.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\searchgeek.xml -> [2010/01/28 20:24:59 | 000,001,859 | ---- | M] ()
 snappy-words.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\snappy-words.xml -> [2010/01/28 20:19:24 | 000,002,256 | ---- | M] ()
 thesaurus---referencecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\thesaurus---referencecom.xml -> [2010/09/23 15:53:46 | 000,001,539 | ---- | M] ()
 timeanddatecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\timeanddatecom.xml -> [2010/12/29 11:44:51 | 000,011,187 | ---- | M] ()
 wot-safe-search.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\wot-safe-search.xml -> [2010/09/11 15:44:32 | 000,002,306 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/12/29 11:44:47 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/04 17:23:15 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/29 18:02:46 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/12/27 13:34:16 | 000,429,771 | R--- | M] - 14842 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 05:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
{872b5b88-9db5-4310-bdd0-ac189557e5f5} [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine Registrar] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
{91da5e8a-3318-4f8c-b67e-5964de3ab546} [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/07/13 15:02:19 | 000,668,656 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2009/09/20 01:26:34 | 000,158,008 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Ad Muncher" -> C:\Program Files\Ad Muncher\AdMunch.exe ["C:\Program Files\Ad Muncher\AdMunch.exe" /bt] -> [2010/12/28 00:30:22 | 000,534,728 | ---- | M] (Murray Hurps Corp Pty Ltd)
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
"btbb_McciTrayApp" -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe ["C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"] -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
"DLCCCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]] -> [2005/06/07 18:38:10 | 000,069,632 | ---- | M] ()
"egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 000,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
"ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ["C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"] -> [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies)
"MSKDetectorExe" -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> [2005/07/12 19:05:30 | 001,117,184 | ---- | M] (McAfee, Inc.)
"SBAutoUpdate" -> C:\Program Files\SpywareBlaster\sbautoupdate.exe ["C:\Program Files\SpywareBlaster\sbautoupdate.exe"] -> [2010/08/30 22:35:16 | 000,938,744 | ---- | M] ()
"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
"ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DellSupport" -> C:\Program Files\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/07/13 15:02:19 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
 -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled -> [2006/09/28 20:40:49 | 000,001,725 | ---- | M] ()
< Jay Startup Folder > -> C:\Documents and Settings\Jay\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Block frame with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_frame] -> File not found
Block image with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_image] -> File not found
Block link with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_link] -> File not found
Don't filter page with Ad Muncher ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_exclude] -> File not found
Report page to the Ad Muncher developers ->  [http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=836746Y8&id=menu_ie_report] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Button: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}:res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell Options] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> Reg Error: Key error. [Button: Bonjour] -> File not found
{B06300D0-CCDE-11d2-92D3-0000F87A4A55}:{C651A691-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to R&estricted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
{BF80219A-CCDD-11d2-92D3-0000F87A4A55}:{C651A693-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to Tr&usted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{FC09D8A3-C85A-11d2-92D0-0000F87A4A55}:{A58D06D4-CA90-11D2-92D2-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\oline.dll [Button: Offline] -> [1999/02/24 02:00:28 | 000,036,864 | ---- | M] ()
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}" [HKLM] ->  [ieSpell] -> File not found
CmdMapping\\"{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}" [HKLM] ->  [ieSpell Options] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] ->  [Bonjour] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7566 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 11505 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab [Microsoft Office Template and Media Control] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab [Office Genuine Advantage Validation Tool] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/odc.cab [Microsoft PID Sniffer] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab [Office Update Installation Engine] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.snapfish.co.uk/SnapfishUKActivia.cab [Snapfish Activia] -> 
{474F00F5-3853-492C-AC3A-476512BBC336} [HKLM] -> http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab [UploadListView Class] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab [Windows Live Safety Center Base Module] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231951123843 [MUWebControl Class] -> 
{6F750200-1362-4815-A476-88533DE61D0C} [HKLM] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab [Ofoto Upload Manager Class] -> 
{7F8C8173-AD80-4807-AA75-5672F22B4582} [HKLM] -> http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab [ICSScanner Class] -> 
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} [HKLM] -> http://cid-56193df6ff453161.spaces.live.com/PhotoUpload/MsnPUpld.cab [Windows Live Photo Upload Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [HKLM] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx [Get_ActiveX Control] -> 
{BD8667B7-38D8-4C77-B580-18C3E146372C} [HKLM] -> http://ak.imgag.com/imgag/cp/install/Crusher.cab [Creative Toolbox Plug-in] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{C946EF6D-296D-4907-A6E1-ED0E8E5AF024} [HKLM] -> http://mail.lycos.com/hanmail-ax/AttachMail.cab [LycosMail Upload Control] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [HKLM] -> http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab [CTAdjust Class] -> 
{E8F628B5-259A-4734-97EE-BA914D7BE941} [HKLM] -> http://driveragent.com/files/driveragent.cab [Driver Agent ActiveX Control] -> 
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll [PCPitstop Exam] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
Photobucket Publisher [HKLM] -> http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{CE0939F7-AC83-4916-9A59-38F3DBA89298}\\DhcpNameServer -> 192.168.1.254   (Intel(R) PRO/100 VE Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist -> C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe [C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon] -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
!AVG Anti-Spyware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Reg Error: Value error. -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 0 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 20/12/2010 10:33:14 AM Computer Name = DFY1752J | Source = Ci | ID = 4126 -> Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will   be automatically restored by refiltering all documents.
Application [ Error ] 27/12/2010 4:42:08 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 27/12/2010 4:42:12 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
Application [ Error ] 27/12/2010 4:42:21 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 27/12/2010 4:42:24 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
Application [ Error ] 27/12/2010 4:42:32 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 10:58:27 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 10:59:19 AM Computer Name = DFY1752J | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 29/12/2010 11:04:04 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 11:04:31 AM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
System [ Error ] 02/12/2010 3:52:12 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 09/12/2010 9:49:23 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 16/12/2010 11:21:55 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 22/12/2010 8:48:01 AM Computer Name = DFY1752J | Source = DCOM | ID = 10010 -> Description = The server {B366DEBE-645B-43A5-B865-DDD82C345492} did not register with DCOM within the required timeout.
System [ Error ] 23/12/2010 4:26:58 PM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 29/12/2010 11:39:25 AM Computer Name = DFY1752J | Source = Service Control Manager | ID = 7031 -> Description = The ESET Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
[Files/Folders - Created Within 30 Days]
 OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:37 | 000,642,048 | ---- | C] (OldTimer Tools)
 HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:22 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 SNOWY ENGLAND -> C:\Documents and Settings\Jay\Desktop\SNOWY ENGLAND -> [2010/12/24 16:32:45 | 000,000,000 | ---D | C]
 ndproxy.sys -> C:\WINDOWS\System32\dllcache\ndproxy.sys -> [2010/12/15 13:36:59 | 000,040,960 | ---- | C] (Microsoft Corporation)
 $hf_mig$ -> C:\WINDOWS\$hf_mig$ -> [2010/12/15 13:36:20 | 000,000,000 | -H-D | C]
 wab.exe -> C:\WINDOWS\System32\dllcache\wab.exe -> [2010/12/15 13:36:04 | 000,045,568 | ---- | C] (Microsoft Corporation)
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | C] (Google Inc.)
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/12/30 09:22:51 | 000,000,330 | -H-- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/12/30 09:20:32 | 000,002,206 | ---- | M] ()
 Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2010/12/30 09:20:11 | 000,000,868 | ---- | M] ()
 ConfigExec.job -> C:\WINDOWS\tasks\ConfigExec.job -> [2010/12/30 09:19:56 | 000,000,616 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/30 09:19:44 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/12/30 09:19:41 | 3890,368,512 | -HS- | M] ()
 OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
 Download OTS.doc -> C:\Documents and Settings\Jay\Desktop\Download OTS.doc -> [2010/12/29 20:32:15 | 000,019,456 | ---- | M] ()
 Microsoft Word.lnk -> C:\Documents and Settings\Jay\Desktop\Microsoft Word.lnk -> [2010/12/29 20:29:18 | 000,002,473 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> [2010/12/29 20:13:00 | 000,000,968 | ---- | M] ()
 DataUpload.job -> C:\WINDOWS\tasks\DataUpload.job -> [2010/12/29 19:37:00 | 000,000,580 | -H-- | M] ()
 fssort.ini -> C:\Documents and Settings\Jay\Desktop\fssort.ini -> [2010/12/29 18:56:44 | 000,000,265 | -H-- | M] ()
 GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> [2010/12/29 17:13:00 | 000,000,916 | ---- | M] ()
 MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 16:00:01 | 000,059,825 | ---- | M] ()
 .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/29 15:54:45 | 000,093,529 | ---- | M] ()
 User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> [2010/12/29 10:53:46 | 000,000,388 | -H-- | M] ()
 EasyShare Registration Task.job -> C:\WINDOWS\tasks\EasyShare Registration Task.job -> [2010/12/28 12:47:01 | 000,000,432 | ---- | M] ()
 HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:29 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/12/27 13:34:16 | 000,429,771 | R--- | M] ()
 You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/27 13:32:50 | 000,024,576 | ---- | M] ()
 A ****ED UP SONY SITE.jpg -> C:\Documents and Settings\Jay\Desktop\A ****ED UP SONY SITE.jpg -> [2010/12/26 17:13:28 | 000,031,988 | ---- | M] ()
 Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:36 | 000,019,456 | ---- | M] ()
 Carol Vorderman Gor-Jus at 50.jpg -> C:\Documents and Settings\Jay\Desktop\Carol Vorderman Gor-Jus at 50.jpg -> [2010/12/26 15:24:53 | 000,119,810 | ---- | M] ()
 Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/24 19:23:23 | 000,029,696 | ---- | M] ()
 A VERY ANNOYING AD.jpg -> C:\Documents and Settings\Jay\Desktop\A VERY ANNOYING AD.jpg -> [2010/12/23 20:34:16 | 000,012,235 | ---- | M] ()
 A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | M] ()
 hosts.20101227-133416.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101227-133416.backup -> [2010/12/23 12:08:59 | 000,429,771 | R--- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/12/22 13:43:10 | 000,000,784 | ---- | M] ()
 FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:53:19 | 000,019,456 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
 A FAT BAG OF ****.jpg -> C:\Documents and Settings\Jay\Desktop\A FAT BAG OF ****.jpg -> [2010/12/19 19:46:49 | 000,047,765 | ---- | M] ()
 hosts.20101223-120858.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101223-120858.backup -> [2010/12/18 10:17:43 | 000,429,105 | R--- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/15 13:44:01 | 000,372,872 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:39:05 | 000,001,393 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/12/15 13:20:44 | 000,442,466 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/12/15 13:20:44 | 000,071,732 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:35 | 000,000,779 | ---- | M] ()
 hosts.20101218-101742.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101218-101742.backup -> [2010/12/15 11:40:36 | 000,428,361 | R--- | M] ()
 http examples.doc -> C:\Documents and Settings\Jay\Desktop\http examples.doc -> [2010/12/14 20:08:06 | 000,024,064 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/12/11 19:23:01 | 000,000,284 | ---- | M] ()
 Picasa 3.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> [2010/12/09 15:34:57 | 000,000,777 | ---- | M] ()
 hosts.20101215-114036.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101215-114036.backup -> [2010/12/09 14:39:42 | 000,428,361 | R--- | M] ()
 To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | M] ()
 hosts.20101209-143941.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101209-143941.backup -> [2010/12/02 11:25:10 | 000,428,073 | R--- | M] ()
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | M] (Google Inc.)
 3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files - No Company Name]
 Download OTS.doc -> C:\Documents and Settings\Jay\Desktop\Download OTS.doc -> [2010/12/29 20:29:41 | 000,019,456 | ---- | C] ()
 MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 15:56:20 | 000,059,825 | ---- | C] ()
 .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/29 15:54:45 | 000,093,529 | ---- | C] ()
 To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | C] ()
 A ****ED UP SONY SITE.jpg -> C:\Documents and Settings\Jay\Desktop\A ****ED UP SONY SITE.jpg -> [2010/12/26 16:47:42 | 000,031,988 | ---- | C] ()
 Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:35 | 000,019,456 | ---- | C] ()
 Carol Vorderman Gor-Jus at 50.jpg -> C:\Documents and Settings\Jay\Desktop\Carol Vorderman Gor-Jus at 50.jpg -> [2010/12/26 15:24:51 | 000,119,810 | ---- | C] ()
 Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/23 21:47:24 | 000,029,696 | ---- | C] ()
 A VERY ANNOYING AD.jpg -> C:\Documents and Settings\Jay\Desktop\A VERY ANNOYING AD.jpg -> [2010/12/23 20:33:26 | 000,012,235 | ---- | C] ()
 A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | C] ()
 FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:51:27 | 000,019,456 | ---- | C] ()
 A FAT BAG OF ****.jpg -> C:\Documents and Settings\Jay\Desktop\A FAT BAG OF ****.jpg -> [2010/12/19 19:46:48 | 000,047,765 | ---- | C] ()
 You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/16 22:15:47 | 000,024,576 | ---- | C] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:34 | 000,000,779 | ---- | C] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:19:30 | 000,001,393 | ---- | C] ()
 To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | C] ()
 kodakpcd.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\kodakpcd.ini -> [2010/01/07 14:13:42 | 000,000,022 | ---- | C] ()
 clear.log -> C:\Documents and Settings\Jay\Local Settings\Application Data\clear.log -> [2009/11/03 12:42:57 | 000,229,182 | ---- | C] ()
 Relax.ini -> C:\WINDOWS\Relax.ini -> [2008/06/06 17:31:59 | 000,000,052 | ---- | C] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007/03/05 12:34:28 | 000,676,224 | ---- | C] ()
 Svclog.log -> C:\Documents and Settings\All Users\Application Data\Svclog.log -> [2007/02/21 12:01:37 | 000,838,514 | ---- | C] ()
 dvd.bmk -> C:\Documents and Settings\Jay\Application Data\dvd.bmk -> [2007/02/02 15:34:30 | 000,003,072 | ---- | C] ()
 vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/12/15 10:20:17 | 000,010,240 | ---- | C] ()
 SBTEDrv.sys -> C:\WINDOWS\System32\drivers\SBTEDrv.sys -> [2006/10/30 09:30:30 | 000,010,032 | ---- | C] ()
 YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2006/10/19 12:25:56 | 000,065,536 | ---- | C] ()
 UNRAR3.dll -> C:\WINDOWS\System32\UNRAR3.dll -> [2006/09/19 18:44:25 | 000,153,088 | ---- | C] ()
 dlccpmui.dll -> C:\WINDOWS\System32\dlccpmui.dll -> [2006/09/15 13:49:03 | 000,638,976 | ---- | C] ()
 dlccins.dll -> C:\WINDOWS\System32\dlccins.dll -> [2006/09/15 13:49:03 | 000,155,648 | ---- | C] ()
 dlccinsr.dll -> C:\WINDOWS\System32\dlccinsr.dll -> [2006/09/15 13:49:03 | 000,106,496 | ---- | C] ()
 dlcccomm.dll -> C:\WINDOWS\System32\dlcccomm.dll -> [2006/09/15 13:49:02 | 000,413,696 | ---- | C] ()
 dlccpplc.dll -> C:\WINDOWS\System32\dlccpplc.dll -> [2006/09/15 13:49:02 | 000,114,688 | ---- | C] ()
 dlccvs.dll -> C:\WINDOWS\System32\dlccvs.dll -> [2006/09/15 13:49:02 | 000,040,960 | ---- | C] ()
 dlccusb1.dll -> C:\WINDOWS\System32\dlccusb1.dll -> [2006/09/15 13:49:01 | 001,134,592 | ---- | C] ()
 dlcchbn3.dll -> C:\WINDOWS\System32\dlcchbn3.dll -> [2006/09/15 13:49:01 | 000,770,048 | ---- | C] ()
 dlcclmpm.dll -> C:\WINDOWS\System32\dlcclmpm.dll -> [2006/09/15 13:49:01 | 000,483,328 | ---- | C] ()
 dlccprox.dll -> C:\WINDOWS\System32\dlccprox.dll -> [2006/09/15 13:49:01 | 000,155,648 | ---- | C] ()
 dlccserv.dll -> C:\WINDOWS\System32\dlccserv.dll -> [2006/09/15 13:49:00 | 001,183,744 | ---- | C] ()
 dlcccomc.dll -> C:\WINDOWS\System32\dlcccomc.dll -> [2006/09/15 13:49:00 | 000,704,512 | ---- | C] ()
 dlccutil.dll -> C:\WINDOWS\System32\dlccutil.dll -> [2006/09/15 13:48:59 | 000,430,080 | ---- | C] ()
 dlcccu.dll -> C:\WINDOWS\System32\dlcccu.dll -> [2006/09/15 13:48:59 | 000,073,728 | ---- | C] ()
 dlcccur.dll -> C:\WINDOWS\System32\dlcccur.dll -> [2006/09/15 13:48:59 | 000,036,864 | ---- | C] ()
 dlccinsb.dll -> C:\WINDOWS\System32\dlccinsb.dll -> [2006/09/15 13:48:58 | 000,176,128 | ---- | C] ()
 dlcccub.dll -> C:\WINDOWS\System32\dlcccub.dll -> [2006/09/15 13:48:58 | 000,086,016 | ---- | C] ()
 dlccjswr.dll -> C:\WINDOWS\System32\dlccjswr.dll -> [2006/09/15 13:48:57 | 000,131,072 | ---- | C] ()
 dlcccfg.dll -> C:\WINDOWS\System32\dlcccfg.dll -> [2006/09/15 13:48:54 | 000,069,632 | ---- | C] ()
 libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2006/06/22 18:22:20 | 000,796,584 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/05/31 10:32:33 | 000,000,376 | ---- | C] ()
 VistaEmail.ini -> C:\WINDOWS\VistaEmail.ini -> [2006/05/30 20:45:17 | 000,000,042 | ---- | C] ()
 iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2006/04/21 16:08:40 | 000,000,034 | ---- | C] ()
 msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/04/17 10:26:23 | 000,000,002 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Jay\Local Settings\Application Data\fusioncache.dat -> [2006/04/11 16:23:37 | 000,000,126 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2006/03/25 15:09:47 | 000,020,480 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/03/19 11:40:09 | 000,000,061 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/03/19 11:38:07 | 000,000,126 | ---- | C] ()
 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/03/19 11:12:30 | 000,000,475 | ---- | C] ()
 SDelete.dll -> C:\WINDOWS\System32\SDelete.dll -> [2005/11/02 09:39:16 | 000,040,960 | ---- | C] ()
 openports.dll -> C:\WINDOWS\System32\openports.dll -> [2005/11/02 09:39:16 | 000,024,924 | ---- | C] ()
 dlcccnv4.dll -> C:\WINDOWS\System32\dlcccnv4.dll -> [2005/04/01 10:44:16 | 000,061,440 | ---- | C] ()
 orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,891 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2004/06/09 11:19:20 | 000,000,000 | ---- | C] ()
 MSO97V.DLL -> C:\WINDOWS\System32\MSO97V.DLL -> [2002/12/09 23:00:00 | 001,708,032 | ---- | C] ()
 DOCOBJ.DLL -> C:\WINDOWS\System32\DOCOBJ.DLL -> [2002/12/09 23:00:00 | 000,036,864 | ---- | C] ()
 MSORFS.DLL -> C:\WINDOWS\System32\MSORFS.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
 HLINKPRX.DLL -> C:\WINDOWS\System32\HLINKPRX.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
 webzone.dll -> C:\WINDOWS\System32\webzone.dll -> [1999/03/01 19:03:28 | 000,036,864 | ---- | C] ()
 oline.dll -> C:\WINDOWS\System32\oline.dll -> [1999/02/24 02:00:28 | 000,036,864 | ---- | C] ()
 MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 18:46:58 | 000,065,536 | ---- | C] ()
 REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [1998/01/12 08:00:00 | 000,040,448 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 494 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
```


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill All Processes]
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
NY -> @Alternate Data Stream - 494 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## jayd (Mar 1, 2006)

COOKIEGAL
Here's the first part, the OTS ...
Will get HijackThis next.


```
OTS logfile created on: 31/12/2010 10:39:41 PM - Run 2
OTS by OldTimer - Version 3.1.40.1     Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.45 Gb Total Space | 48.18 Gb Free Space | 67.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DFY1752J
Current User Name: Jay
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
acdaemon.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
googlecrashhandler.exe -> C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe -> [2010/10/19 16:08:15 | 000,134,808 | ---- | M] (Google Inc.)
printscreen.exe -> C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe -> [2010/10/14 08:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc)
iswsvc.exe -> C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
bthelpnotifier.exe -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
ekrn.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
egui.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
dsagnt.exe -> C:\Program Files\Dell Support\DSAgnt.exe -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
 
[Modules - Safe List]
ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
sahook.dll -> c:\Program Files\McAfee\SiteAdvisor\sahook.dll -> [2010/12/09 14:20:40 | 000,018,176 | ---- | M] (McAfee, Inc.)
iswshex.dll -> C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll -> [2010/09/02 12:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
mccicontexthook_dsr.dll -> C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll -> [2009/12/07 11:50:46 | 000,198,656 | ---- | M] (Alcatel-Lucent)
msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll -> [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll -> [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(KodakCCS) Kodak Camera Connection Software [On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\KodakCCS.exe -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
(MatSvc) Microsoft Automated Troubleshooting Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Fix it Center\Matsvc.exe -> [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation)
(IswSvc) ZoneAlarm Toolbar IswSvc [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
(nosGetPlusHelper) getPlus(R) Helper 3004 [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -> [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.)
(EhttpSrv) ESET HTTP Server [On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2009/05/14 14:54:22 | 000,020,680 | ---- | M] (ESET)
(ekrn) ESET Service [Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(WLSetupSvc) Windows Live Setup Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
(dlcc_device) dlcc_device [On_Demand | Stopped] -> C:\WINDOWS\System32\dlcccoms.exe -> [2005/06/21 20:19:38 | 000,491,520 | ---- | M] ()
 
[Driver Services - Safe List]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> File not found
(srescan) srescan [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\ZoneLabs\srescan.sys -> File not found
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> File not found
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -> File not found
(ISWKL) ZoneAlarm Toolbar ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2010/09/02 12:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies)
(vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD)
(cpuz133) cpuz133 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz133_x32.sys -> [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(epfwtdir) epfwtdir [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\epfwtdir.sys -> [2009/05/14 14:49:32 | 000,094,360 | ---- | M] (ESET)
(ehdrv) ehdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ehdrv.sys -> [2009/05/14 14:47:14 | 000,107,256 | ---- | M] (ESET)
(eamon) eamon [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\eamon.sys -> [2009/05/14 14:41:10 | 000,114,472 | ---- | M] (ESET)
(cpuz132) cpuz132 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz132_x32.sys -> [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\DDMI2.sys -> [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://www.live.com/ [binary data] -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache" -> http://uk.msn.com/?ocid=iehp -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> BA 0C 4C 8F 6B A7 CB 01  [binary data] -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1;*.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\prefs.js -> 
browser.search.defaultenginename -> "Secure Search" ->
browser.search.defaultthis.engineName -> "ZoneAlarm Security Customized Web Search" ->
browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}" ->
browser.search.selectedEngine -> "Google" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/webhp?rls=ig" ->
extensions.enabledItems -> {3ED591BC-7CC7-495B-A526-B2431356EDC1}:2.0 ->
extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 ->
extensions.enabledItems -> [email protected]:5.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
extensions.enabledItems -> {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15 ->
extensions.enabledItems -> {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0 ->
keyword.URL -> "http://uk.search.yahoo.com/search?fr=mcafee&p=" ->
network.proxy.no_proxies_on -> "127.0.0.1,*.local" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER] -> [2010/11/21 17:15:33 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/12/16 18:41:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/20 15:26:51 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/12/11 18:22:57 | 000,000,000 | ---D | M]
HKLM\software\mozilla\SeaMonkey\Extensions ->  -> 
HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD] -> [2009/05/20 15:57:17 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions -> [2008/09/14 08:24:14 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions -> [2010/12/31 16:54:14 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2) -> [2008/12/09 13:39:01 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/28 18:10:46 | 000,000,000 | ---D | M]
Flashblock   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/10/14 18:14:56 | 000,000,000 | ---D | M]
IE Tab   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/06/03 17:59:30 | 000,000,000 | ---D | M]
ZoneAlarm Security Toolbar   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} -> [2010/11/21 16:55:30 | 000,000,000 | ---D | M]
WOT   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2010/09/11 18:28:27 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} -> [2010/08/17 11:39:36 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/12/24 17:14:42 | 000,000,000 | ---D | M]
Adobe DLM (powered by getPlus(R))   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2010/10/20 14:08:00 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2010/09/23 12:03:06 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2009/03/26 14:53:47 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 bing.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\bing.xml -> [2010/09/23 15:49:26 | 000,001,820 | ---- | M] ()
 conduit.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\conduit.xml -> [2010/08/19 21:08:14 | 000,000,939 | ---- | M] ()
 google-translate-any--en.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\google-translate-any--en.xml -> [2010/09/23 15:52:52 | 000,002,027 | ---- | M] ()
 mozilla-add-ons.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\mozilla-add-ons.xml -> [2008/12/03 15:18:50 | 000,001,620 | ---- | M] ()
 searchgeek.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\searchgeek.xml -> [2010/01/28 20:24:59 | 000,001,859 | ---- | M] ()
 snappy-words.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\snappy-words.xml -> [2010/01/28 20:19:24 | 000,002,256 | ---- | M] ()
 thesaurus---referencecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\thesaurus---referencecom.xml -> [2010/09/23 15:53:46 | 000,001,539 | ---- | M] ()
 timeanddatecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\timeanddatecom.xml -> [2010/12/29 11:44:51 | 000,011,187 | ---- | M] ()
 wot-safe-search.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\wot-safe-search.xml -> [2010/09/11 15:44:32 | 000,002,306 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/12/31 16:54:14 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/04 17:23:15 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/29 18:02:46 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/12/27 13:34:16 | 000,429,771 | R--- | M] - 14842 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 05:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
{872b5b88-9db5-4310-bdd0-ac189557e5f5} [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine Registrar] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
{91da5e8a-3318-4f8c-b67e-5964de3ab546} [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/07/13 15:02:19 | 000,668,656 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2009/09/20 01:26:34 | 000,158,008 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Ad Muncher" -> C:\Program Files\Ad Muncher\AdMunch.exe ["C:\Program Files\Ad Muncher\AdMunch.exe" /bt] -> [2010/12/28 00:30:22 | 000,534,728 | ---- | M] (Murray Hurps Corp Pty Ltd)
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
"btbb_McciTrayApp" -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe ["C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"] -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
"DLCCCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]] -> [2005/06/07 18:38:10 | 000,069,632 | ---- | M] ()
"egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 000,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
"ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ["C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"] -> [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies)
"MSKDetectorExe" -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> [2005/07/12 19:05:30 | 001,117,184 | ---- | M] (McAfee, Inc.)
"SBAutoUpdate" -> C:\Program Files\SpywareBlaster\sbautoupdate.exe ["C:\Program Files\SpywareBlaster\sbautoupdate.exe"] -> [2010/08/30 22:35:16 | 000,938,744 | ---- | M] ()
"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
"ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DellSupport" -> C:\Program Files\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/07/13 15:02:19 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
 -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled -> [2006/09/28 20:40:49 | 000,001,725 | ---- | M] ()
< Jay Startup Folder > -> C:\Documents and Settings\Jay\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Button: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}:res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell Options] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> Reg Error: Key error. [Button: Bonjour] -> File not found
{B06300D0-CCDE-11d2-92D3-0000F87A4A55}:{C651A691-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to R&estricted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
{BF80219A-CCDD-11d2-92D3-0000F87A4A55}:{C651A693-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to Tr&usted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{FC09D8A3-C85A-11d2-92D0-0000F87A4A55}:{A58D06D4-CA90-11D2-92D2-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\oline.dll [Button: Offline] -> [1999/02/24 02:00:28 | 000,036,864 | ---- | M] ()
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}" [HKLM] ->  [ieSpell] -> File not found
CmdMapping\\"{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}" [HKLM] ->  [ieSpell Options] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] ->  [Bonjour] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7566 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 11505 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab [Microsoft Office Template and Media Control] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab [Office Genuine Advantage Validation Tool] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/odc.cab [Microsoft PID Sniffer] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab [Office Update Installation Engine] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.snapfish.co.uk/SnapfishUKActivia.cab [Snapfish Activia] -> 
{474F00F5-3853-492C-AC3A-476512BBC336} [HKLM] -> http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab [UploadListView Class] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab [Windows Live Safety Center Base Module] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231951123843 [MUWebControl Class] -> 
{6F750200-1362-4815-A476-88533DE61D0C} [HKLM] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab [Ofoto Upload Manager Class] -> 
{7F8C8173-AD80-4807-AA75-5672F22B4582} [HKLM] -> http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab [ICSScanner Class] -> 
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} [HKLM] -> http://cid-56193df6ff453161.spaces.live.com/PhotoUpload/MsnPUpld.cab [Windows Live Photo Upload Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [HKLM] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx [Get_ActiveX Control] -> 
{BD8667B7-38D8-4C77-B580-18C3E146372C} [HKLM] -> http://ak.imgag.com/imgag/cp/install/Crusher.cab [Creative Toolbox Plug-in] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{C946EF6D-296D-4907-A6E1-ED0E8E5AF024} [HKLM] -> http://mail.lycos.com/hanmail-ax/AttachMail.cab [LycosMail Upload Control] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [HKLM] -> http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab [CTAdjust Class] -> 
{E8F628B5-259A-4734-97EE-BA914D7BE941} [HKLM] -> http://driveragent.com/files/driveragent.cab [Driver Agent ActiveX Control] -> 
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll [PCPitstop Exam] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
Photobucket Publisher [HKLM] -> http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{CE0939F7-AC83-4916-9A59-38F3DBA89298}\\DhcpNameServer -> 192.168.1.254   (Intel(R) PRO/100 VE Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist -> C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe [C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon] -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
!AVG Anti-Spyware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Reg Error: Value error. -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 0 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 20/12/2010 10:33:14 AM Computer Name = DFY1752J | Source = Ci | ID = 4126 -> Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will   be automatically restored by refiltering all documents.
Application [ Error ] 27/12/2010 4:42:08 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 27/12/2010 4:42:12 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
Application [ Error ] 27/12/2010 4:42:21 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 27/12/2010 4:42:24 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
Application [ Error ] 27/12/2010 4:42:32 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 10:58:27 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 10:59:19 AM Computer Name = DFY1752J | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 29/12/2010 11:04:04 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 11:04:31 AM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
System [ Error ] 09/12/2010 9:49:23 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 16/12/2010 11:21:55 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 22/12/2010 8:48:01 AM Computer Name = DFY1752J | Source = DCOM | ID = 10010 -> Description = The server {B366DEBE-645B-43A5-B865-DDD82C345492} did not register with DCOM within the required timeout.
System [ Error ] 23/12/2010 4:26:58 PM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 29/12/2010 11:39:25 AM Computer Name = DFY1752J | Source = Service Control Manager | ID = 7031 -> Description = The ESET Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
System [ Error ] 31/12/2010 6:36:28 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
[Files/Folders - Created Within 30 Days]
 OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:37 | 000,642,048 | ---- | C] (OldTimer Tools)
 HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:22 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 ndproxy.sys -> C:\WINDOWS\System32\dllcache\ndproxy.sys -> [2010/12/15 13:36:59 | 000,040,960 | ---- | C] (Microsoft Corporation)
 $hf_mig$ -> C:\WINDOWS\$hf_mig$ -> [2010/12/15 13:36:20 | 000,000,000 | -H-D | C]
 wab.exe -> C:\WINDOWS\System32\dllcache\wab.exe -> [2010/12/15 13:36:04 | 000,045,568 | ---- | C] (Microsoft Corporation)
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | C] (Google Inc.)
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> [2010/12/31 22:13:00 | 000,000,968 | ---- | M] ()
 .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/31 21:22:32 | 000,095,477 | ---- | M] ()
 fssort.ini -> C:\Documents and Settings\Jay\Desktop\fssort.ini -> [2010/12/31 21:17:32 | 000,000,230 | -H-- | M] ()
 DataUpload.job -> C:\WINDOWS\tasks\DataUpload.job -> [2010/12/31 19:37:00 | 000,000,580 | -H-- | M] ()
 Microsoft Word.lnk -> C:\Documents and Settings\Jay\Desktop\Microsoft Word.lnk -> [2010/12/31 19:15:41 | 000,002,473 | ---- | M] ()
 Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2010/12/31 17:51:22 | 000,000,868 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> [2010/12/31 17:13:00 | 000,000,916 | ---- | M] ()
 ConfigExec.job -> C:\WINDOWS\tasks\ConfigExec.job -> [2010/12/31 15:37:00 | 000,000,616 | -H-- | M] ()
 http examples.doc -> C:\Documents and Settings\Jay\Desktop\http examples.doc -> [2010/12/31 14:14:21 | 000,024,064 | ---- | M] ()
 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/12/31 10:34:12 | 000,000,330 | -H-- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/12/31 10:31:59 | 000,002,206 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/31 10:31:02 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/12/31 10:31:00 | 3890,368,512 | -HS- | M] ()
 NewsID.doc -> C:\Documents and Settings\Jay\Desktop\NewsID.doc -> [2010/12/30 19:44:45 | 000,020,992 | ---- | M] ()
 OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
 MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 16:00:01 | 000,059,825 | ---- | M] ()
 User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> [2010/12/29 10:53:46 | 000,000,388 | -H-- | M] ()
 EasyShare Registration Task.job -> C:\WINDOWS\tasks\EasyShare Registration Task.job -> [2010/12/28 12:47:01 | 000,000,432 | ---- | M] ()
 HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:29 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/12/27 13:34:16 | 000,429,771 | R--- | M] ()
 You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/27 13:32:50 | 000,024,576 | ---- | M] ()
 Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:36 | 000,019,456 | ---- | M] ()
 Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/24 19:23:23 | 000,029,696 | ---- | M] ()
 A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | M] ()
 hosts.20101227-133416.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101227-133416.backup -> [2010/12/23 12:08:59 | 000,429,771 | R--- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/12/22 13:43:10 | 000,000,784 | ---- | M] ()
 FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:53:19 | 000,019,456 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
 hosts.20101223-120858.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101223-120858.backup -> [2010/12/18 10:17:43 | 000,429,105 | R--- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/15 13:44:01 | 000,372,872 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:39:05 | 000,001,393 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/12/15 13:20:44 | 000,442,466 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/12/15 13:20:44 | 000,071,732 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:35 | 000,000,779 | ---- | M] ()
 hosts.20101218-101742.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101218-101742.backup -> [2010/12/15 11:40:36 | 000,428,361 | R--- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/12/11 19:23:01 | 000,000,284 | ---- | M] ()
 Picasa 3.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> [2010/12/09 15:34:57 | 000,000,777 | ---- | M] ()
 hosts.20101215-114036.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101215-114036.backup -> [2010/12/09 14:39:42 | 000,428,361 | R--- | M] ()
 To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | M] ()
 hosts.20101209-143941.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101209-143941.backup -> [2010/12/02 11:25:10 | 000,428,073 | R--- | M] ()
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | M] (Google Inc.)
 3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files - No Company Name]
 .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/31 21:22:32 | 000,095,477 | ---- | C] ()
 NewsID.doc -> C:\Documents and Settings\Jay\Desktop\NewsID.doc -> [2010/12/30 19:36:13 | 000,020,992 | ---- | C] ()
 MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 15:56:20 | 000,059,825 | ---- | C] ()
 To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | C] ()
 Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:35 | 000,019,456 | ---- | C] ()
 Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/23 21:47:24 | 000,029,696 | ---- | C] ()
 A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | C] ()
 FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:51:27 | 000,019,456 | ---- | C] ()
 You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/16 22:15:47 | 000,024,576 | ---- | C] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:34 | 000,000,779 | ---- | C] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:19:30 | 000,001,393 | ---- | C] ()
 To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | C] ()
 kodakpcd.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\kodakpcd.ini -> [2010/01/07 14:13:42 | 000,000,022 | ---- | C] ()
 clear.log -> C:\Documents and Settings\Jay\Local Settings\Application Data\clear.log -> [2009/11/03 12:42:57 | 000,229,182 | ---- | C] ()
 Relax.ini -> C:\WINDOWS\Relax.ini -> [2008/06/06 17:31:59 | 000,000,052 | ---- | C] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007/03/05 12:34:28 | 000,676,224 | ---- | C] ()
 Svclog.log -> C:\Documents and Settings\All Users\Application Data\Svclog.log -> [2007/02/21 12:01:37 | 000,838,514 | ---- | C] ()
 dvd.bmk -> C:\Documents and Settings\Jay\Application Data\dvd.bmk -> [2007/02/02 15:34:30 | 000,003,072 | ---- | C] ()
 vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/12/15 10:20:17 | 000,010,240 | ---- | C] ()
 SBTEDrv.sys -> C:\WINDOWS\System32\drivers\SBTEDrv.sys -> [2006/10/30 09:30:30 | 000,010,032 | ---- | C] ()
 YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2006/10/19 12:25:56 | 000,065,536 | ---- | C] ()
 UNRAR3.dll -> C:\WINDOWS\System32\UNRAR3.dll -> [2006/09/19 18:44:25 | 000,153,088 | ---- | C] ()
 dlccpmui.dll -> C:\WINDOWS\System32\dlccpmui.dll -> [2006/09/15 13:49:03 | 000,638,976 | ---- | C] ()
 dlccins.dll -> C:\WINDOWS\System32\dlccins.dll -> [2006/09/15 13:49:03 | 000,155,648 | ---- | C] ()
 dlccinsr.dll -> C:\WINDOWS\System32\dlccinsr.dll -> [2006/09/15 13:49:03 | 000,106,496 | ---- | C] ()
 dlcccomm.dll -> C:\WINDOWS\System32\dlcccomm.dll -> [2006/09/15 13:49:02 | 000,413,696 | ---- | C] ()
 dlccpplc.dll -> C:\WINDOWS\System32\dlccpplc.dll -> [2006/09/15 13:49:02 | 000,114,688 | ---- | C] ()
 dlccvs.dll -> C:\WINDOWS\System32\dlccvs.dll -> [2006/09/15 13:49:02 | 000,040,960 | ---- | C] ()
 dlccusb1.dll -> C:\WINDOWS\System32\dlccusb1.dll -> [2006/09/15 13:49:01 | 001,134,592 | ---- | C] ()
 dlcchbn3.dll -> C:\WINDOWS\System32\dlcchbn3.dll -> [2006/09/15 13:49:01 | 000,770,048 | ---- | C] ()
 dlcclmpm.dll -> C:\WINDOWS\System32\dlcclmpm.dll -> [2006/09/15 13:49:01 | 000,483,328 | ---- | C] ()
 dlccprox.dll -> C:\WINDOWS\System32\dlccprox.dll -> [2006/09/15 13:49:01 | 000,155,648 | ---- | C] ()
 dlccserv.dll -> C:\WINDOWS\System32\dlccserv.dll -> [2006/09/15 13:49:00 | 001,183,744 | ---- | C] ()
 dlcccomc.dll -> C:\WINDOWS\System32\dlcccomc.dll -> [2006/09/15 13:49:00 | 000,704,512 | ---- | C] ()
 dlccutil.dll -> C:\WINDOWS\System32\dlccutil.dll -> [2006/09/15 13:48:59 | 000,430,080 | ---- | C] ()
 dlcccu.dll -> C:\WINDOWS\System32\dlcccu.dll -> [2006/09/15 13:48:59 | 000,073,728 | ---- | C] ()
 dlcccur.dll -> C:\WINDOWS\System32\dlcccur.dll -> [2006/09/15 13:48:59 | 000,036,864 | ---- | C] ()
 dlccinsb.dll -> C:\WINDOWS\System32\dlccinsb.dll -> [2006/09/15 13:48:58 | 000,176,128 | ---- | C] ()
 dlcccub.dll -> C:\WINDOWS\System32\dlcccub.dll -> [2006/09/15 13:48:58 | 000,086,016 | ---- | C] ()
 dlccjswr.dll -> C:\WINDOWS\System32\dlccjswr.dll -> [2006/09/15 13:48:57 | 000,131,072 | ---- | C] ()
 dlcccfg.dll -> C:\WINDOWS\System32\dlcccfg.dll -> [2006/09/15 13:48:54 | 000,069,632 | ---- | C] ()
 libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2006/06/22 18:22:20 | 000,796,584 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/05/31 10:32:33 | 000,000,376 | ---- | C] ()
 VistaEmail.ini -> C:\WINDOWS\VistaEmail.ini -> [2006/05/30 20:45:17 | 000,000,042 | ---- | C] ()
 iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2006/04/21 16:08:40 | 000,000,034 | ---- | C] ()
 msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/04/17 10:26:23 | 000,000,002 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Jay\Local Settings\Application Data\fusioncache.dat -> [2006/04/11 16:23:37 | 000,000,126 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2006/03/25 15:09:47 | 000,020,480 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/03/19 11:40:09 | 000,000,061 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/03/19 11:38:07 | 000,000,126 | ---- | C] ()
 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/03/19 11:12:30 | 000,000,475 | ---- | C] ()
 SDelete.dll -> C:\WINDOWS\System32\SDelete.dll -> [2005/11/02 09:39:16 | 000,040,960 | ---- | C] ()
 openports.dll -> C:\WINDOWS\System32\openports.dll -> [2005/11/02 09:39:16 | 000,024,924 | ---- | C] ()
 dlcccnv4.dll -> C:\WINDOWS\System32\dlcccnv4.dll -> [2005/04/01 10:44:16 | 000,061,440 | ---- | C] ()
 orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,891 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2004/06/09 11:19:20 | 000,000,000 | ---- | C] ()
 MSO97V.DLL -> C:\WINDOWS\System32\MSO97V.DLL -> [2002/12/09 23:00:00 | 001,708,032 | ---- | C] ()
 DOCOBJ.DLL -> C:\WINDOWS\System32\DOCOBJ.DLL -> [2002/12/09 23:00:00 | 000,036,864 | ---- | C] ()
 MSORFS.DLL -> C:\WINDOWS\System32\MSORFS.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
 HLINKPRX.DLL -> C:\WINDOWS\System32\HLINKPRX.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
 webzone.dll -> C:\WINDOWS\System32\webzone.dll -> [1999/03/01 19:03:28 | 000,036,864 | ---- | C] ()
 oline.dll -> C:\WINDOWS\System32\oline.dll -> [1999/02/24 02:00:28 | 000,036,864 | ---- | C] ()
 MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 18:46:58 | 000,065,536 | ---- | C] ()
 REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [1998/01/12 08:00:00 | 000,040,448 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 494 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
```


----------



## jayd (Mar 1, 2006)

COOKIEGAL
Here's the first part, the OTS ...
Will get HijackThis next.


```
OTS logfile created on: 31/12/2010 10:39:41 PM - Run 2
OTS by OldTimer - Version 3.1.40.1     Folder = C:\Documents and Settings\Jay\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.45 Gb Total Space | 48.18 Gb Free Space | 67.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DFY1752J
Current User Name: Jay
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
acdaemon.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
googlecrashhandler.exe -> C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe -> [2010/10/19 16:08:15 | 000,134,808 | ---- | M] (Google Inc.)
printscreen.exe -> C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe -> [2010/10/14 08:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc)
iswsvc.exe -> C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
acservice.exe -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
bthelpnotifier.exe -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
ekrn.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
egui.exe -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
msascui.exe -> C:\Program Files\Windows Defender\MSASCui.exe -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
issch.exe -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
stsystra.exe -> C:\WINDOWS\stsystra.exe -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
dsagnt.exe -> C:\Program Files\Dell Support\DSAgnt.exe -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
 
[Modules - Safe List]
ots scan exe.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
sahook.dll -> c:\Program Files\McAfee\SiteAdvisor\sahook.dll -> [2010/12/09 14:20:40 | 000,018,176 | ---- | M] (McAfee, Inc.)
iswshex.dll -> C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll -> [2010/09/02 12:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
mccicontexthook_dsr.dll -> C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll -> [2009/12/07 11:50:46 | 000,198,656 | ---- | M] (Alcatel-Lucent)
msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll -> [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll -> [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(KodakCCS) Kodak Camera Connection Software [On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\KodakCCS.exe -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.)
(MatSvc) Microsoft Automated Troubleshooting Service [On_Demand | Stopped] -> C:\Program Files\Microsoft Fix it Center\Matsvc.exe -> [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation)
(IswSvc) ZoneAlarm Toolbar IswSvc [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2010/09/02 12:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies)
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
(nosGetPlusHelper) getPlus(R) Helper 3004 [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -> [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(ACDaemon) ArcSoft Connect Daemon [Auto | Running] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.)
(EhttpSrv) ESET HTTP Server [On_Demand | Stopped] -> C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -> [2009/05/14 14:54:22 | 000,020,680 | ---- | M] (ESET)
(ekrn) ESET Service [Auto | Running] -> C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -> [2009/05/14 14:47:54 | 000,731,840 | ---- | M] (ESET)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(WLSetupSvc) Windows Live Setup Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation)
(dlcc_device) dlcc_device [On_Demand | Stopped] -> C:\WINDOWS\System32\dlcccoms.exe -> [2005/06/21 20:19:38 | 000,491,520 | ---- | M] ()
 
[Driver Services - Safe List]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wanatw4.sys -> File not found
(srescan) srescan [Kernel | Boot | Stopped] -> C:\WINDOWS\System32\ZoneLabs\srescan.sys -> File not found
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> File not found
(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -> File not found
(ISWKL) ZoneAlarm Toolbar ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2010/09/02 12:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies)
(vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD)
(cpuz133) cpuz133 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz133_x32.sys -> [2010/05/11 11:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(epfwtdir) epfwtdir [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\epfwtdir.sys -> [2009/05/14 14:49:32 | 000,094,360 | ---- | M] (ESET)
(ehdrv) ehdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ehdrv.sys -> [2009/05/14 14:47:14 | 000,107,256 | ---- | M] (ESET)
(eamon) eamon [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\eamon.sys -> [2009/05/14 14:41:10 | 000,114,472 | ---- | M] (ESET)
(cpuz132) cpuz132 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz132_x32.sys -> [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions)
(DLADResN) DLADResN [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResN.SYS -> [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions)
(DLARTL_N) DLARTL_N [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_N.SYS -> [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(SDDMI2) SDDMI2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\DDMI2.sys -> [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Secondary Start Pages" -> http://www.live.com/ [binary data] -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache" -> http://uk.msn.com/?ocid=iehp -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb -> 
HKEY_CURRENT_USER\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> BA 0C 4C 8F 6B A7 CB 01  [binary data] -> 
HKEY_CURRENT_USER\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1;*.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\prefs.js -> 
browser.search.defaultenginename -> "Secure Search" ->
browser.search.defaultthis.engineName -> "ZoneAlarm Security Customized Web Search" ->
browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}" ->
browser.search.selectedEngine -> "Google" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.google.com/webhp?rls=ig" ->
extensions.enabledItems -> {3ED591BC-7CC7-495B-A526-B2431356EDC1}:2.0 ->
extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 ->
extensions.enabledItems -> [email protected]:5.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
extensions.enabledItems -> {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 ->
extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15 ->
extensions.enabledItems -> {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0 ->
keyword.URL -> "http://uk.search.yahoo.com/search?fr=mcafee&p=" ->
network.proxy.no_proxies_on -> "127.0.0.1,*.local" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Jay\Application Data\Mozilla\FireFox\Profiles\xi750tuh.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER] -> [2010/11/21 17:15:33 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/12/16 18:41:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/20 15:26:51 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/12/11 18:22:57 | 000,000,000 | ---D | M]
HKLM\software\mozilla\SeaMonkey\Extensions ->  -> 
HKLM\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1} -> C:\Program Files\Ad Muncher\FirefoxExtension_2.0 [C:\PROGRAM FILES\AD MUNCHER\FIREFOXEXTENSION_2.0] -> [2010/12/28 00:30:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD] -> [2009/05/20 15:57:17 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Extensions -> [2008/09/14 08:24:14 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions -> [2010/12/31 16:54:14 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2) -> [2008/12/09 13:39:01 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/07/28 18:10:46 | 000,000,000 | ---D | M]
Flashblock   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} -> [2010/10/14 18:14:56 | 000,000,000 | ---D | M]
IE Tab   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009/06/03 17:59:30 | 000,000,000 | ---D | M]
ZoneAlarm Security Toolbar   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} -> [2010/11/21 16:55:30 | 000,000,000 | ---D | M]
WOT   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2010/09/11 18:28:27 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} -> [2010/08/17 11:39:36 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/12/24 17:14:42 | 000,000,000 | ---D | M]
Adobe DLM (powered by getPlus(R))   -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2010/10/20 14:08:00 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2010/09/23 12:03:06 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\extensions\[email protected] -> [2009/03/26 14:53:47 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 bing.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\bing.xml -> [2010/09/23 15:49:26 | 000,001,820 | ---- | M] ()
 conduit.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\conduit.xml -> [2010/08/19 21:08:14 | 000,000,939 | ---- | M] ()
 google-translate-any--en.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\google-translate-any--en.xml -> [2010/09/23 15:52:52 | 000,002,027 | ---- | M] ()
 mozilla-add-ons.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\mozilla-add-ons.xml -> [2008/12/03 15:18:50 | 000,001,620 | ---- | M] ()
 searchgeek.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\searchgeek.xml -> [2010/01/28 20:24:59 | 000,001,859 | ---- | M] ()
 snappy-words.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\snappy-words.xml -> [2010/01/28 20:19:24 | 000,002,256 | ---- | M] ()
 thesaurus---referencecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\thesaurus---referencecom.xml -> [2010/09/23 15:53:46 | 000,001,539 | ---- | M] ()
 timeanddatecom.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\timeanddatecom.xml -> [2010/12/29 11:44:51 | 000,011,187 | ---- | M] ()
 wot-safe-search.xml -> C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\xi750tuh.default\searchplugins\wot-safe-search.xml -> [2010/09/11 15:44:32 | 000,002,306 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/12/31 16:54:14 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/04 17:23:15 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/29 18:02:46 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/12/27 13:34:16 | 000,429,771 | R--- | M] - 14842 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
{30F9B915-B755-4826-820B-08FBA6BD249D} [HKLM] -> C:\Program Files\ConduitEngine\ConduitEngine.dll [Conduit Engine] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 05:20:00 | 000,110,652 | ---- | M] (Sonic Solutions)
{872b5b88-9db5-4310-bdd0-ac189557e5f5} [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine Registrar] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
{91da5e8a-3318-4f8c-b67e-5964de3ab546} [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/07/13 15:02:19 | 000,668,656 | ---- | M] (Google Inc.)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [SingleInstance Class] -> [2009/09/20 01:26:34 | 000,158,008 | ---- | M] (Yahoo! Inc)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2010/12/07 15:42:12 | 000,251,416 | ---- | M] (McAfee, Inc.)
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
"Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}" [HKLM] -> C:\Program Files\DVDVideoSoftTB\tbDVD0.dll [DVDVideoSoftTB Toolbar] -> [2010/09/23 15:36:15 | 002,735,200 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}" [HKLM] -> C:\Program Files\ZoneAlarm_Security\tbZone.dll [ZoneAlarm Security Toolbar] -> [2010/06/13 19:10:00 | 002,734,688 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}" [HKLM] -> C:\Program Files\DVDVideoSoft\tbDVD2.dll [DVDVideoSoftTB Toolbar] -> [2010/10/18 10:26:36 | 003,908,192 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/09/02 12:26:26 | 000,591,352 | ---- | M] (Check Point Software Technologies)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [BT Yahoo! Toolbar] -> [2009/09/20 01:26:32 | 001,172,280 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Ad Muncher" -> C:\Program Files\Ad Muncher\AdMunch.exe ["C:\Program Files\Ad Muncher\AdMunch.exe" /bt] -> [2010/12/28 00:30:22 | 000,534,728 | ---- | M] (Murray Hurps Corp Pty Ltd)
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.)
"btbb_McciTrayApp" -> C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe ["C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"] -> [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent)
"DLCCCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]] -> [2005/06/07 18:38:10 | 000,069,632 | ---- | M] ()
"egui" -> C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ["C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice] -> [2009/05/14 14:47:08 | 002,029,640 | ---- | M] (ESET)
"ISUSPM Startup" -> C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 000,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation)
"ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ["C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"] -> [2010/09/02 12:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies)
"MSKDetectorExe" -> C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> [2005/07/12 19:05:30 | 001,117,184 | ---- | M] (McAfee, Inc.)
"SBAutoUpdate" -> C:\Program Files\SpywareBlaster\sbautoupdate.exe ["C:\Program Files\SpywareBlaster\sbautoupdate.exe"] -> [2010/08/30 22:35:16 | 000,938,744 | ---- | M] ()
"SigmatelSysTrayApp" -> C:\WINDOWS\stsystra.exe [stsystra.exe] -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation)
"ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DellSupport" -> C:\Program Files\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> [2004/07/19 07:51:24 | 000,306,688 | ---- | M] (Gteko Ltd.)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2009/07/13 15:02:19 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
 -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled -> [2006/09/28 20:40:49 | 000,001,725 | ---- | M] ()
< Jay Startup Folder > -> C:\Documents and Settings\Jay\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoCDBurning" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Button: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}:res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}:res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM [HKLM] -> C:\Program Files\ieSpell\iespell.dll [Menu: ieSpell Options] -> [2006/03/27 17:17:34 | 000,225,280 | ---- | M] (Red Egg Software)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2007/10/26 17:09:54 | 000,154,640 | ---- | M] (Microsoft Corporation)
{7F9DB11C-E358-4ca6-A83D-ACC663939424}:{9999A076-A9E2-4C99-8A2B-632FC9429223} [HKLM] -> Reg Error: Key error. [Button: Bonjour] -> File not found
{B06300D0-CCDE-11d2-92D3-0000F87A4A55}:{C651A691-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to R&estricted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
{BF80219A-CCDD-11d2-92D3-0000F87A4A55}:{C651A693-CCD9-11D2-92D3-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\webzone.dll [Menu: Add to Tr&usted Zone] -> [1999/03/01 19:03:28 | 000,036,864 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{FC09D8A3-C85A-11d2-92D0-0000F87A4A55}:{A58D06D4-CA90-11D2-92D2-0000F87A4A55} [HKLM] -> C:\WINDOWS\system32\oline.dll [Button: Offline] -> [1999/02/24 02:00:28 | 000,036,864 | ---- | M] ()
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}" [HKLM] ->  [ieSpell] -> File not found
CmdMapping\\"{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}" [HKLM] ->  [ieSpell Options] -> File not found
CmdMapping\\"{7F9DB11C-E358-4ca6-A83D-ACC663939424}" [HKLM] ->  [Bonjour] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7566 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 11505 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab [Microsoft Office Template and Media Control] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab [Office Genuine Advantage Validation Tool] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{215B8138-A3CF-44C5-803F-8226143CFC0A} [HKLM] -> http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab [Trend Micro ActiveX Scan Agent 6.6] -> 
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} [HKLM] -> https://support.microsoft.com/OAS/ActiveX/odc.cab [Microsoft PID Sniffer] -> 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab [Office Update Installation Engine] -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://www.snapfish.co.uk/SnapfishUKActivia.cab [Snapfish Activia] -> 
{474F00F5-3853-492C-AC3A-476512BBC336} [HKLM] -> http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab [UploadListView Class] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab [Windows Live Safety Center Base Module] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231951123843 [MUWebControl Class] -> 
{6F750200-1362-4815-A476-88533DE61D0C} [HKLM] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab [Ofoto Upload Manager Class] -> 
{7F8C8173-AD80-4807-AA75-5672F22B4582} [HKLM] -> http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab [ICSScanner Class] -> 
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} [HKLM] -> http://cid-56193df6ff453161.spaces.live.com/PhotoUpload/MsnPUpld.cab [Windows Live Photo Upload Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [HKLM] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx [Get_ActiveX Control] -> 
{BD8667B7-38D8-4C77-B580-18C3E146372C} [HKLM] -> http://ak.imgag.com/imgag/cp/install/Crusher.cab [Creative Toolbox Plug-in] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{C946EF6D-296D-4907-A6E1-ED0E8E5AF024} [HKLM] -> http://mail.lycos.com/hanmail-ax/AttachMail.cab [LycosMail Upload Control] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7} [HKLM] -> http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab [CTAdjust Class] -> 
{E8F628B5-259A-4734-97EE-BA914D7BE941} [HKLM] -> http://driveragent.com/files/driveragent.cab [Driver Agent ActiveX Control] -> 
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll [PCPitstop Exam] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
Photobucket Publisher [HKLM] -> http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{CE0939F7-AC83-4916-9A59-38F3DBA89298}\\DhcpNameServer -> 192.168.1.254   (Intel(R) PRO/100 VE Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
GoToAssist -> C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll -> [2010/08/09 14:10:00 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> C:\Program Files\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2009/07/10 13:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe [C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon] -> [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command
\{6b05da32-e9f4-11de-90c2-00123fcd16ce}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
!AVG Anti-Spyware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Reg Error: Value error. -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 0 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 20/12/2010 10:33:14 AM Computer Name = DFY1752J | Source = Ci | ID = 4126 -> Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will   be automatically restored by refiltering all documents.
Application [ Error ] 27/12/2010 4:42:08 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 27/12/2010 4:42:12 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
Application [ Error ] 27/12/2010 4:42:21 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 27/12/2010 4:42:24 PM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
Application [ Error ] 27/12/2010 4:42:32 PM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 10:58:27 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 10:59:19 AM Computer Name = DFY1752J | Source = Application Hang | ID = 1002 -> Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 29/12/2010 11:04:04 AM Computer Name = DFY1752J | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tbdvd0.dll, version 5.7.3.1, fault address 0x0014bc46.
Application [ Error ] 29/12/2010 11:04:31 AM Computer Name = DFY1752J | Source = Application Error | ID = 1001 -> Description = Fault bucket 2019923880.
System [ Error ] 09/12/2010 9:49:23 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 16/12/2010 11:21:55 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 22/12/2010 8:48:01 AM Computer Name = DFY1752J | Source = DCOM | ID = 10010 -> Description = The server {B366DEBE-645B-43A5-B865-DDD82C345492} did not register with DCOM within the required timeout.
System [ Error ] 23/12/2010 4:26:58 PM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
System [ Error ] 29/12/2010 11:39:25 AM Computer Name = DFY1752J | Source = Service Control Manager | ID = 7031 -> Description = The ESET Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
System [ Error ] 31/12/2010 6:36:28 AM Computer Name = DFY1752J | Source = DCOM | ID = 10016 -> Description = The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID   {BA126AD1-2166-11D1-B1D0-00805FC1270E}   to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
 
[Files/Folders - Created Within 30 Days]
 OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:37 | 000,642,048 | ---- | C] (OldTimer Tools)
 HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:22 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 ndproxy.sys -> C:\WINDOWS\System32\dllcache\ndproxy.sys -> [2010/12/15 13:36:59 | 000,040,960 | ---- | C] (Microsoft Corporation)
 $hf_mig$ -> C:\WINDOWS\$hf_mig$ -> [2010/12/15 13:36:20 | 000,000,000 | -H-D | C]
 wab.exe -> C:\WINDOWS\System32\dllcache\wab.exe -> [2010/12/15 13:36:04 | 000,045,568 | ---- | C] (Microsoft Corporation)
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | C] (Google Inc.)
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job -> [2010/12/31 22:13:00 | 000,000,968 | ---- | M] ()
 .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/31 21:22:32 | 000,095,477 | ---- | M] ()
 fssort.ini -> C:\Documents and Settings\Jay\Desktop\fssort.ini -> [2010/12/31 21:17:32 | 000,000,230 | -H-- | M] ()
 DataUpload.job -> C:\WINDOWS\tasks\DataUpload.job -> [2010/12/31 19:37:00 | 000,000,580 | -H-- | M] ()
 Microsoft Word.lnk -> C:\Documents and Settings\Jay\Desktop\Microsoft Word.lnk -> [2010/12/31 19:15:41 | 000,002,473 | ---- | M] ()
 Google Software Updater.job -> C:\WINDOWS\tasks\Google Software Updater.job -> [2010/12/31 17:51:22 | 000,000,868 | ---- | M] ()
 GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job -> [2010/12/31 17:13:00 | 000,000,916 | ---- | M] ()
 ConfigExec.job -> C:\WINDOWS\tasks\ConfigExec.job -> [2010/12/31 15:37:00 | 000,000,616 | -H-- | M] ()
 http examples.doc -> C:\Documents and Settings\Jay\Desktop\http examples.doc -> [2010/12/31 14:14:21 | 000,024,064 | ---- | M] ()
 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/12/31 10:34:12 | 000,000,330 | -H-- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/12/31 10:31:59 | 000,002,206 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/12/31 10:31:02 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/12/31 10:31:00 | 3890,368,512 | -HS- | M] ()
 NewsID.doc -> C:\Documents and Settings\Jay\Desktop\NewsID.doc -> [2010/12/30 19:44:45 | 000,020,992 | ---- | M] ()
 OTS SCAN EXE.exe -> C:\Documents and Settings\Jay\Desktop\OTS SCAN EXE.exe -> [2010/12/29 20:32:47 | 000,642,048 | ---- | M] (OldTimer Tools)
 MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 16:00:01 | 000,059,825 | ---- | M] ()
 User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job -> [2010/12/29 10:53:46 | 000,000,388 | -H-- | M] ()
 EasyShare Registration Task.job -> C:\WINDOWS\tasks\EasyShare Registration Task.job -> [2010/12/28 12:47:01 | 000,000,432 | ---- | M] ()
 HijackThis.exe -> C:\Documents and Settings\Jay\Desktop\HijackThis.exe -> [2010/12/27 18:01:29 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/12/27 13:34:16 | 000,429,771 | R--- | M] ()
 You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/27 13:32:50 | 000,024,576 | ---- | M] ()
 Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:36 | 000,019,456 | ---- | M] ()
 Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/24 19:23:23 | 000,029,696 | ---- | M] ()
 A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | M] ()
 hosts.20101227-133416.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101227-133416.backup -> [2010/12/23 12:08:59 | 000,429,771 | R--- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/12/22 13:43:10 | 000,000,784 | ---- | M] ()
 FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:53:19 | 000,019,456 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
 hosts.20101223-120858.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101223-120858.backup -> [2010/12/18 10:17:43 | 000,429,105 | R--- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/15 13:44:01 | 000,372,872 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:39:05 | 000,001,393 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/12/15 13:20:44 | 000,442,466 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/12/15 13:20:44 | 000,071,732 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:35 | 000,000,779 | ---- | M] ()
 hosts.20101218-101742.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101218-101742.backup -> [2010/12/15 11:40:36 | 000,428,361 | R--- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/12/11 19:23:01 | 000,000,284 | ---- | M] ()
 Picasa 3.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> [2010/12/09 15:34:57 | 000,000,777 | ---- | M] ()
 hosts.20101215-114036.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101215-114036.backup -> [2010/12/09 14:39:42 | 000,428,361 | R--- | M] ()
 To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | M] ()
 hosts.20101209-143941.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20101209-143941.backup -> [2010/12/02 11:25:10 | 000,428,073 | R--- | M] ()
 GPhotos.scr -> C:\WINDOWS\System32\GPhotos.scr -> [2010/12/02 03:35:18 | 004,280,320 | ---- | M] (Google Inc.)
 3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files - No Company Name]
 .recently-used.xbel -> C:\Documents and Settings\Jay\.recently-used.xbel -> [2010/12/31 21:22:32 | 000,095,477 | ---- | C] ()
 NewsID.doc -> C:\Documents and Settings\Jay\Desktop\NewsID.doc -> [2010/12/30 19:36:13 | 000,020,992 | ---- | C] ()
 MAIL DELIVERY ONE reduced.jpg -> C:\Documents and Settings\Jay\Desktop\MAIL DELIVERY ONE reduced.jpg -> [2010/12/29 15:56:20 | 000,059,825 | ---- | C] ()
 To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> C:\Documents and Settings\Jay\Desktop\To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.doc -> [2010/12/27 17:51:10 | 000,019,968 | ---- | C] ()
 Sony CFDS05 Digital CD Radio Cassette Player.doc -> C:\Documents and Settings\Jay\Desktop\Sony CFDS05 Digital CD Radio Cassette Player.doc -> [2010/12/26 16:37:35 | 000,019,456 | ---- | C] ()
 Our recent three NIGHTS IN PARIS.doc -> C:\Documents and Settings\Jay\Desktop\Our recent three NIGHTS IN PARIS.doc -> [2010/12/23 21:47:24 | 000,029,696 | ---- | C] ()
 A CARD FOR DREW xmas 2010.doc -> C:\Documents and Settings\Jay\My Documents\A CARD FOR DREW xmas 2010.doc -> [2010/12/23 15:28:20 | 000,025,088 | ---- | C] ()
 FIXING THE FIX.doc -> C:\Documents and Settings\Jay\Desktop\FIXING THE FIX.doc -> [2010/12/21 18:51:27 | 000,019,456 | ---- | C] ()
 You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> C:\Documents and Settings\Jay\Desktop\You can not fight terrorism or street rioting young thugs with human rights legislation.doc -> [2010/12/16 22:15:47 | 000,024,576 | ---- | C] ()
 Launch Internet Explorer Browser.lnk -> C:\Documents and Settings\Jay\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2010/12/15 13:20:34 | 000,000,779 | ---- | C] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/15 13:19:30 | 000,001,393 | ---- | C] ()
 To Whom it May Concern tesco dec. 6,2010.doc -> C:\Documents and Settings\Jay\My Documents\To Whom it May Concern tesco dec. 6,2010.doc -> [2010/12/05 15:39:23 | 000,020,480 | ---- | C] ()
 kodakpcd.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\kodakpcd.ini -> [2010/01/07 14:13:42 | 000,000,022 | ---- | C] ()
 clear.log -> C:\Documents and Settings\Jay\Local Settings\Application Data\clear.log -> [2009/11/03 12:42:57 | 000,229,182 | ---- | C] ()
 Relax.ini -> C:\WINDOWS\Relax.ini -> [2008/06/06 17:31:59 | 000,000,052 | ---- | C] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007/03/05 12:34:28 | 000,676,224 | ---- | C] ()
 Svclog.log -> C:\Documents and Settings\All Users\Application Data\Svclog.log -> [2007/02/21 12:01:37 | 000,838,514 | ---- | C] ()
 dvd.bmk -> C:\Documents and Settings\Jay\Application Data\dvd.bmk -> [2007/02/02 15:34:30 | 000,003,072 | ---- | C] ()
 vidx16.dll -> C:\WINDOWS\System32\vidx16.dll -> [2006/12/15 10:20:17 | 000,010,240 | ---- | C] ()
 SBTEDrv.sys -> C:\WINDOWS\System32\drivers\SBTEDrv.sys -> [2006/10/30 09:30:30 | 000,010,032 | ---- | C] ()
 YCRWin32.dll -> C:\WINDOWS\System32\YCRWin32.dll -> [2006/10/19 12:25:56 | 000,065,536 | ---- | C] ()
 UNRAR3.dll -> C:\WINDOWS\System32\UNRAR3.dll -> [2006/09/19 18:44:25 | 000,153,088 | ---- | C] ()
 dlccpmui.dll -> C:\WINDOWS\System32\dlccpmui.dll -> [2006/09/15 13:49:03 | 000,638,976 | ---- | C] ()
 dlccins.dll -> C:\WINDOWS\System32\dlccins.dll -> [2006/09/15 13:49:03 | 000,155,648 | ---- | C] ()
 dlccinsr.dll -> C:\WINDOWS\System32\dlccinsr.dll -> [2006/09/15 13:49:03 | 000,106,496 | ---- | C] ()
 dlcccomm.dll -> C:\WINDOWS\System32\dlcccomm.dll -> [2006/09/15 13:49:02 | 000,413,696 | ---- | C] ()
 dlccpplc.dll -> C:\WINDOWS\System32\dlccpplc.dll -> [2006/09/15 13:49:02 | 000,114,688 | ---- | C] ()
 dlccvs.dll -> C:\WINDOWS\System32\dlccvs.dll -> [2006/09/15 13:49:02 | 000,040,960 | ---- | C] ()
 dlccusb1.dll -> C:\WINDOWS\System32\dlccusb1.dll -> [2006/09/15 13:49:01 | 001,134,592 | ---- | C] ()
 dlcchbn3.dll -> C:\WINDOWS\System32\dlcchbn3.dll -> [2006/09/15 13:49:01 | 000,770,048 | ---- | C] ()
 dlcclmpm.dll -> C:\WINDOWS\System32\dlcclmpm.dll -> [2006/09/15 13:49:01 | 000,483,328 | ---- | C] ()
 dlccprox.dll -> C:\WINDOWS\System32\dlccprox.dll -> [2006/09/15 13:49:01 | 000,155,648 | ---- | C] ()
 dlccserv.dll -> C:\WINDOWS\System32\dlccserv.dll -> [2006/09/15 13:49:00 | 001,183,744 | ---- | C] ()
 dlcccomc.dll -> C:\WINDOWS\System32\dlcccomc.dll -> [2006/09/15 13:49:00 | 000,704,512 | ---- | C] ()
 dlccutil.dll -> C:\WINDOWS\System32\dlccutil.dll -> [2006/09/15 13:48:59 | 000,430,080 | ---- | C] ()
 dlcccu.dll -> C:\WINDOWS\System32\dlcccu.dll -> [2006/09/15 13:48:59 | 000,073,728 | ---- | C] ()
 dlcccur.dll -> C:\WINDOWS\System32\dlcccur.dll -> [2006/09/15 13:48:59 | 000,036,864 | ---- | C] ()
 dlccinsb.dll -> C:\WINDOWS\System32\dlccinsb.dll -> [2006/09/15 13:48:58 | 000,176,128 | ---- | C] ()
 dlcccub.dll -> C:\WINDOWS\System32\dlcccub.dll -> [2006/09/15 13:48:58 | 000,086,016 | ---- | C] ()
 dlccjswr.dll -> C:\WINDOWS\System32\dlccjswr.dll -> [2006/09/15 13:48:57 | 000,131,072 | ---- | C] ()
 dlcccfg.dll -> C:\WINDOWS\System32\dlcccfg.dll -> [2006/09/15 13:48:54 | 000,069,632 | ---- | C] ()
 libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2006/06/22 18:22:20 | 000,796,584 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/05/31 10:32:33 | 000,000,376 | ---- | C] ()
 VistaEmail.ini -> C:\WINDOWS\VistaEmail.ini -> [2006/05/30 20:45:17 | 000,000,042 | ---- | C] ()
 iltwain.ini -> C:\WINDOWS\iltwain.ini -> [2006/04/21 16:08:40 | 000,000,034 | ---- | C] ()
 msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2006/04/17 10:26:23 | 000,000,002 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Jay\Local Settings\Application Data\fusioncache.dat -> [2006/04/11 16:23:37 | 000,000,126 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Jay\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2006/03/25 15:09:47 | 000,020,480 | ---- | C] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/03/19 11:40:09 | 000,000,061 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/03/19 11:38:07 | 000,000,126 | ---- | C] ()
 OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/03/19 11:12:30 | 000,000,475 | ---- | C] ()
 SDelete.dll -> C:\WINDOWS\System32\SDelete.dll -> [2005/11/02 09:39:16 | 000,040,960 | ---- | C] ()
 openports.dll -> C:\WINDOWS\System32\openports.dll -> [2005/11/02 09:39:16 | 000,024,924 | ---- | C] ()
 dlcccnv4.dll -> C:\WINDOWS\System32\dlcccnv4.dll -> [2005/04/01 10:44:16 | 000,061,440 | ---- | C] ()
 orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,891 | ---- | C] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2004/06/09 11:19:20 | 000,000,000 | ---- | C] ()
 MSO97V.DLL -> C:\WINDOWS\System32\MSO97V.DLL -> [2002/12/09 23:00:00 | 001,708,032 | ---- | C] ()
 DOCOBJ.DLL -> C:\WINDOWS\System32\DOCOBJ.DLL -> [2002/12/09 23:00:00 | 000,036,864 | ---- | C] ()
 MSORFS.DLL -> C:\WINDOWS\System32\MSORFS.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
 HLINKPRX.DLL -> C:\WINDOWS\System32\HLINKPRX.DLL -> [2002/12/09 23:00:00 | 000,032,768 | ---- | C] ()
 webzone.dll -> C:\WINDOWS\System32\webzone.dll -> [1999/03/01 19:03:28 | 000,036,864 | ---- | C] ()
 oline.dll -> C:\WINDOWS\System32\oline.dll -> [1999/02/24 02:00:28 | 000,036,864 | ---- | C] ()
 MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 18:46:58 | 000,065,536 | ---- | C] ()
 REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [1998/01/12 08:00:00 | 000,040,448 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 494 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
```


----------



## jayd (Mar 1, 2006)

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:04:05 PM, on 31/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jay\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll
O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=2.0&pass=836746Y8&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=2.0&pass=836746Y8&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wi...e&exversion=2.0&pass=836746Y8&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wi...xversion=2.0&pass=836746Y8&id=menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wi...exversion=2.0&pass=836746Y8&id=menu_ie_report
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O15 - Trusted Zone: http://s1.amazon.co.uk
O15 - Trusted Zone: http://www.amazon.co.uk
O15 - Trusted Zone: http://www.amazon.com
O15 - Trusted Zone: http://www.yahoo.americangreetings.com
O15 - Trusted Zone: http://*.antzinpantz.com
O15 - Trusted Zone: http://helpchat.att.net
O15 - Trusted Zone: http://webmail.att.net
O15 - Trusted Zone: http://www.att.net
O15 - Trusted Zone: http://www.barking-moonbat.com
O15 - Trusted Zone: http://ayankinkiwiland.blogspot.com
O15 - Trusted Zone: http://www.cnettv.com
O15 - Trusted Zone: http://forums.computeractive.co.uk
O15 - Trusted Zone: http://www.computeractive.co.uk
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.drpic.com
O15 - Trusted Zone: http://www.dvdvideosoft.com
O15 - Trusted Zone: http://www.emsisoft.com
O15 - Trusted Zone: http://www.foxnews.com
O15 - Trusted Zone: http://www.google.co.uk
O15 - Trusted Zone: http://computer.howstuffworks.com
O15 - Trusted Zone: http://www.humanevents.com
O15 - Trusted Zone: http://www.irs.gov
O15 - Trusted Zone: http://www.jacquielawson.com
O15 - Trusted Zone: http://www.jessops.com
O15 - Trusted Zone: http://www.kodak.com
O15 - Trusted Zone: http://wwwuk.kodak.com
O15 - Trusted Zone: http://www.kodakgallery.com
O15 - Trusted Zone: http://*.letterpop.com
O15 - Trusted Zone: http://cid-56193df6ff453161.home.services.spaces.live.com
O15 - Trusted Zone: http://memory.loc.gov
O15 - Trusted Zone: http://mail.lycos.com
O15 - Trusted Zone: http://www.memorexlive.com
O15 - Trusted Zone: http://by123fd.bay123.hotmail.msn.com
O15 - Trusted Zone: http://s144.photobucket.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.safer-networking.org
O15 - Trusted Zone: http://www.serif.com
O15 - Trusted Zone: http://www.shagjam.com
O15 - Trusted Zone: http://www1.snapfish.co.uk
O15 - Trusted Zone: http://www.techsupportguy.com
O15 - Trusted Zone: http://www.telegraph.co.uk
O15 - Trusted Zone: http://www.tesco.com
O15 - Trusted Zone: http://www.tescodigital.com
O15 - Trusted Zone: http://www.theothersideofkim.com
O15 - Trusted Zone: http://london.usembassy.gov
O15 - Trusted Zone: http://*.wiredness.com
O15 - Trusted Zone: http://online.wsj.com
O15 - Trusted Zone: http://news.zdnet.com
O15 - Trusted Zone: http://review.zdnet.com
O15 - Trusted Zone: http://download.zonelabs.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231951123843
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-56193df6ff453161.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18373 bytes


----------



## Cookiegal (Aug 27, 2003)

Please run the *F-Secure Online Scanner*

Note: *You must use Internet Explorer for this scan!*


Accept the License Agreement. 
Once the ActiveX installs, click *Full System Scan*
Once the download completes, the scan will begin automatically. 
The scan will take some time to finish, so please be patient. 
When the scan completes, click the *Automatic cleaning (recommended)* button. 
Click the *Show Report* button and copy and paste the entire report in your next reply.


----------



## jayd (Mar 1, 2006)

Cookiegal,
Hello.

God how I hate IE and when I have Firefox problems, I go to IE just to recall why I love Firefox even with a minor glitch or two. I've had unbelievable problems with IE lately, when some program must use it. And a stupid Zone Alarm tool bar that was designed by ppl who do not use computers.
Sorry for the rant, frustrated. I seem to be running a pile of scans last couple days.
What are we looking for? 
I got the home page for the anti virus link you provided, but wasn't certain what link on the page.
I missed something. They also want me to register. Why is that?
Can I run another anti virus scanner with my ESET AV running in the background? Which it does.

OK, just found what was looking me straight in the eye. Jeesh.
The day started off with our newsagent missing one of our papers on the morning delivery. Oh joy, they're going to deliver our Sat. edition of The Mail on Sunday. Been a "fraught" day as WC Fields would say.


----------



## jayd (Mar 1, 2006)

Scanning Report
01 January 2011 6:59:51 PM - 7:49:39 PM
Computer name: DFY1752J 
Scanning type: Full scan 
Target: C:\ + system + rootkits 


--------------------------------------------------------------------------------

Result
No malware found 




--------------------------------------------------------------------------------

Statistics
Scanned: 
Files: 64825 
Not scanned: 2 
Result: 
Viruses: 0 
Spyware: 0 
Suspicious items: 0 
Riskware: 0 
Actions: 
Disinfected: 0 
Renamed: 0 
Deleted: 0 
Quarantined: 0 
Failed: 0 
Boot Sectors: 
Scanned: 2 
Infected: 0 
Suspicious items: 0 
Disinfected: 0 
Files not scanned: 
Cannot open file C:\PAGEFILE.SYS
Cannot open file C:\HIBERFIL.SYS


--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2011-01-01_01 
Spyware: 2011-01-01_01 
Scanning Engines: 
F-Secure Aquarius: 11.00.00, 2011-01-01 
F-Secure Hydra: 5.02.15, 2011-01-01 
F-Secure Gemini: 3.01.32, 2010-11-26 
F-Secure BlackLight: 2.04.1099, 2009-09-22 
Scanning options: 
Scan defined files: ANI ASP AX BAT BIN BOO CHM CMD COM CPL DLL DOC DOT DRV EML EXE HLP HTA HTM HTML HTT INF INI JOB JS JSE LNK LSP MDB MHT MPP MPT MSG MSO OCX PDF PHP PIF POT PPT RTF SCR SHS SWF SYS TD0 VBE VBS VXD WBK WMA WMV WMF WSC WSF WSH WRI XLS XLT XML ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX 
Scan inside archives 
Actions:
Viruses: Ask after scan 
Spyware: Ask after scan 
Show suspicious items after a full scan 

--------------------------------------------------------------------------------

Error information
"Cannot open file" error occurred:
The "Cannot open file" error message means that the scanner was unable to open a file and that this file was not scanned. You can normally ignore this error message as there are many reasons for this message that do not imply a security threat, including: 
The file was a system file. System files are protected by the operation system by design. You can ignore this message in this case. 
You do not have permission to read the file. To scan the file, log in with a user account with sufficient permissions (for example the computer's administrator account) and rescan. 
The file was in use by an application when the scan was performed. To scan this file, close all applications and rescan. 



----------



## Cookiegal (Aug 27, 2003)

There is no need to send me e-mails. In fact, we need to keep everything here on the boards please.

So I understand you chose the wrong download and opted for the trial version of F-Secure and you say it uninstalled your paid anti-virus.

You just need to uninstall F-Secure and then reinstall your anti-virus program and activate it with the key you got when you purchased it.

Please post a new HijackThis log.


----------



## jayd (Mar 1, 2006)

Re: emails. Sorry. My mistake. 

Re: Trial version, yes. That was the only choice I saw. So I clicked on and did it. There didn't seem to me to be any other way. Also, I know we can't run two AVs at once. I tried to just disable but F-Secure still would not run unless I let it get rid of my AV.
HiJack will follow in a few minutes.


----------



## jayd (Mar 1, 2006)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:08:58 PM, on 01/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jay\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD2.dll
O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=2.0&pass=836746Y8&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=2.0&pass=836746Y8&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wi...e&exversion=2.0&pass=836746Y8&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wi...xversion=2.0&pass=836746Y8&id=menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wi...exversion=2.0&pass=836746Y8&id=menu_ie_report
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O15 - Trusted Zone: http://s1.amazon.co.uk
O15 - Trusted Zone: http://www.amazon.co.uk
O15 - Trusted Zone: http://www.amazon.com
O15 - Trusted Zone: http://www.yahoo.americangreetings.com
O15 - Trusted Zone: http://*.antzinpantz.com
O15 - Trusted Zone: http://helpchat.att.net
O15 - Trusted Zone: http://webmail.att.net
O15 - Trusted Zone: http://www.att.net
O15 - Trusted Zone: http://www.barking-moonbat.com
O15 - Trusted Zone: http://ayankinkiwiland.blogspot.com
O15 - Trusted Zone: http://www.cnettv.com
O15 - Trusted Zone: http://forums.computeractive.co.uk
O15 - Trusted Zone: http://www.computeractive.co.uk
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.drpic.com
O15 - Trusted Zone: http://www.dvdvideosoft.com
O15 - Trusted Zone: http://www.emsisoft.com
O15 - Trusted Zone: http://www.foxnews.com
O15 - Trusted Zone: http://www.google.co.uk
O15 - Trusted Zone: http://computer.howstuffworks.com
O15 - Trusted Zone: http://www.humanevents.com
O15 - Trusted Zone: http://www.irs.gov
O15 - Trusted Zone: http://www.jacquielawson.com
O15 - Trusted Zone: http://www.jessops.com
O15 - Trusted Zone: http://www.kodak.com
O15 - Trusted Zone: http://wwwuk.kodak.com
O15 - Trusted Zone: http://www.kodakgallery.com
O15 - Trusted Zone: http://*.letterpop.com
O15 - Trusted Zone: http://cid-56193df6ff453161.home.services.spaces.live.com
O15 - Trusted Zone: http://memory.loc.gov
O15 - Trusted Zone: http://mail.lycos.com
O15 - Trusted Zone: http://www.memorexlive.com
O15 - Trusted Zone: http://by123fd.bay123.hotmail.msn.com
O15 - Trusted Zone: http://s144.photobucket.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.safer-networking.org
O15 - Trusted Zone: http://www.serif.com
O15 - Trusted Zone: http://www.shagjam.com
O15 - Trusted Zone: http://www1.snapfish.co.uk
O15 - Trusted Zone: http://www.techsupportguy.com
O15 - Trusted Zone: http://www.telegraph.co.uk
O15 - Trusted Zone: http://www.tesco.com
O15 - Trusted Zone: http://www.tescodigital.com
O15 - Trusted Zone: http://www.theothersideofkim.com
O15 - Trusted Zone: http://london.usembassy.gov
O15 - Trusted Zone: http://*.wiredness.com
O15 - Trusted Zone: http://online.wsj.com
O15 - Trusted Zone: http://news.zdnet.com
O15 - Trusted Zone: http://review.zdnet.com
O15 - Trusted Zone: http://download.zonelabs.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231951123843
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-56193df6ff453161.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17229 bytes


----------



## jayd (Mar 1, 2006)

Hope you won't mind this unrelated question.

What percentage do you allow for System Restore?


----------



## Cookiegal (Aug 27, 2003)

I have it set for the maximum of 12% which is the default value. You can reduce it but if you reduce it too much there might not be sufficient space and that could cause problems. It all depends on your configuration and resources.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## jayd (Mar 1, 2006)

Thank you for reply re. system restore %.
Quick question again. Are you using Windows 7? I've heard good things but don't believe my pc capable of upgrade. I see a new pc in my aging future.
OK, here's the HiJack info requested. Quite interesting. 
What are we looking for?

ABBYY FineReader 6.0 Sprint
Acoustica CD/DVD Label Maker
Acoustica Photos Forever
Ad Muncher v4.9 Build 32300
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ARTEuro
Ask Toolbar
ATI Control Panel
ATI Display Driver
Auslogics Disk Defrag
Bonjour
BT Broadband Desktop Help
BT Broadband Support Tools
BT Yahoo! Applications
BTHomeHub
BUM
CCScore
CinepPlayer 30 Update
ClearType Tuning Control Panel Applet
CodeStuff Starter
CPUID HWMonitor 1.16
Dell CinePlayer
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 924
Dell Support 5.0.0 (630)
DVDVideoSoft Toolbar
DVDVideoSoftTB Toolbar
EmailStripper 2.2
Error Messages for Windows
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Everything 1.2.1.371
FastStone Image Viewer 3.8 Beta
FirstCap 3.2
Free Audio CD Burner version 1.4
Free Audio Converter version 1.1
Free Audio Dub version 1.6
Free Studio version 4.2
Free YouTube Download 2.3
Free YouTube to MP3 Converter version 3.8
F-Secure Internet Security 2011
F-Secure PSC Prerequisites
Gadwin PrintScreen
GIMP 2.4.1
Google Updater
GoToAssist Corporate
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
ieSpell 2.2.0 (build 647)
Image Resizer Powertoy for Windows XP
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
KODAK Gallery Upload Software
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Fix it Center
Microsoft Internet Explorer 5 PowerTweaks Web Accessory
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Small Business
Microsoft PowerPoint Viewer 97
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
netbrdg
Numedia CD-DVD writing as non-admin user
OfotoXMI
OpenOffice.org Installer 1.0
Photo Story 3 for Windows
Picasa 3
Presto System Auditor
QuickTime
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
Sonic Update Manager
Spybot - Search & Destroy
SpywareBlaster 4.4
staticcr
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
VC 9.0 Runtime
Viewpoint Media Player
VPRINTOL
Windows Defender
Windows Defender Signatures
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live installer
Windows Live Mail
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live SkyDrive Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell(TM) 1.0
WIRELESS
Yahoo! Software Update


----------



## Cookiegal (Aug 27, 2003)

I'm looking to see if Nod32 is still installed but it appears that it is not. I honestly don't understand how you downloaded the trial version of F-Secure instead of using the on-line scanner but you will have to uninstall F-Secure and reinstall your Nod32.

Also, please go to the Control Panel - Add or Remove Programs and uninstall these:

Ask Toolbar
DVDVideoSoft Toolbar
DVDVideoSoftTB Toolbar
Viewpoint Media Player

You should also uninstall the following as it's a breach of YouTube's Terms of Service to use them.

Free YouTube Download 2.3
Free YouTube to MP3 Converter version 3.8

Also, your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application.

*Upgrading Java*:


Download the latest version of *Java Runtime Environment (JRE) 6 Update 23*.
You will see four options, Java, JavaFX, NetBeans and Java EE. Under the first one (Java) you will see two links, JDK and JRE. Click on the JRE link.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 6u23 with JavaFX License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (*jre-6u23-windows-i586.exe*) and save it to your desktop. *Do NOT use the Sun Download Manager.*
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with *Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

These are the older versions of Java that you need to uninstall:

Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 22
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1

Once you've done all of the above, please post a new HijackThis log.

I'm not running Windows 7 but you can use the Windows 7 Upgrade Advisor to check to see if your system would be compatible at the following link:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1b544e90-7659-4bd9-9e51-2497c146af15
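
An added example, not part of the thread or of HijackThis: a Python sketch that automates the two checks in the post above. It flags Java entries in an Uninstall Manager list that are older than JRE 6 Update 23, and reports which products slated for removal still have entries in a later HijackThis log. The function names are hypothetical, and the sample lines are copied from the logs in this thread except where marked as constructed.

```python
import re

# Release the post asks for: JRE 6 Update 23, as (family, maintenance, update).
TARGET = (6, 0, 23)

# Add/Remove Programs naming schemes for Java runtimes.
_MODERN = re.compile(r"^Java\(TM\)(?: SE Runtime Environment)? (\d+)(?: Update (\d+))?$")
_J2SE = re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$")
_JAVA2 = re.compile(r"^Java 2 Runtime Environment.*?\bv?1\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_java_version(name):
    """Return (family, maintenance, update) for a Java entry, else None."""
    name = name.strip()
    m = _MODERN.match(name)
    if m:
        return (int(m.group(1)), 0, int(m.group(2) or 0))
    for rx in (_J2SE, _JAVA2):
        m = rx.match(name)
        if m:
            return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return None


def outdated_java(entries, target=TARGET):
    """Names of installed Java runtimes older than the target release."""
    flagged = []
    for name in entries:
        version = parse_java_version(name)
        if version is not None and version < target:
            flagged.append(name.strip())
    return flagged


def _product_pattern(product):
    # Drop a trailing "version 3.8" / "2.3" so the name matches log text.
    base = re.sub(r"\s+(?:version\s+)?\d+(?:\.\d+)*$", "", product.strip())
    return re.compile(r"\b" + re.escape(base) + r"\b", re.IGNORECASE)


def leftover_entries(log_lines, removed_products):
    """(section code, product, entry text) for log entries naming a removed product."""
    patterns = [(p, _product_pattern(p)) for p in removed_products]
    hits = []
    for line in log_lines:
        code, sep, rest = line.strip().partition(" - ")
        if not sep or not re.fullmatch(r"[A-Z]\d+", code):
            continue  # header, process list or blank line
        for product, rx in patterns:
            if rx.search(rest):
                hits.append((code, product, rest))
    return hits


# Uninstall Manager entries from the thread; the last two are constructed.
UNINSTALL_SAMPLE = [
    "Adobe Flash Player 10 Plugin",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java(TM) 6 Update 22",
    "Java(TM) 6 Update 7",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "QuickTime",
    "Java(TM) 6 Update 23",                   # constructed: the target release
    "J2SE Runtime Environment 5.0 Update 6",  # constructed: Java 5 naming
]

# Products the post asks to uninstall.
REMOVED = [
    "Ask Toolbar",
    "DVDVideoSoft Toolbar",
    "DVDVideoSoftTB Toolbar",
    "Viewpoint Media Player",
    "Free YouTube Download 2.3",
    "Free YouTube to MP3 Converter version 3.8",
]

# Lines copied from the follow-up HijackThis log in the thread.
LOG_SAMPLE = [
    "Running processes:",
    r"O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll",
    r"O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll",
    r"O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll",
    r"O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Jay\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm",
]

if __name__ == "__main__":
    for name in outdated_java(UNINSTALL_SAMPLE):
        print("outdated:", name)
    for code, product, _ in leftover_entries(LOG_SAMPLE, REMOVED):
        print("leftover:", code, product)
```

Matching is by display name only, so an entry that survives under a different name still needs a manual read of the log.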


----------



## jayd (Mar 1, 2006)

Unaware of that video converter being illegal. That's a surprise.

Java .. ? Another surprise as when the Java icon appeared for an update awhile ago I clicked ok and never thought about it again.
Been away from the computer for a day or so, doctor yesterday and one today and more darn tests so be much later today before I can get to anything. Just booted to check mail and out the door for dr appointment. Needed to write here so you wouldn't think I quit.
I don't know how I goofed on the F-Secure thing but I uninstalled and put NOD32 back. With problems and now must call their Tech Support as scans with NOD freeze and quit.
I will do your stuff first later today.
Thanks again. JayD


----------



## jayd (Mar 1, 2006)

Cookiegal,
Am in process of complying re your request to remove items BUT, it would help me a lot if you could tell me why on some things. For example, on the VMP, why? It runs anytime I use greeting cards from AOL and I believe 123Greeting Cards . com. 
Also, you tell me to get rid of the ASK Toolbar. I don't have a tool bar by that name but ASK is an option in a dropdown box in the upper right of my desktop screen. At the moment it shows Google, which is the normal setting altho I have used ASK for some items.


----------



## jayd (Mar 1, 2006)

Hijack This shows a VideoSoft Toolbar but .... I uninstalled the entire suite. Or program or whatever it's called. Everything. I noticed there were items almost without number it seemed, that went along with that software that I never needed and never made use of. So why the toolbar shows is inexplicable. Video soft also showed in my start menu, could not delete so clicked remove from start window.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:46 PM, on 05/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Jay\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: BT Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=2.0&pass=836746Y8&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=2.0&pass=836746Y8&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wi...e&exversion=2.0&pass=836746Y8&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wi...xversion=2.0&pass=836746Y8&id=menu_ie_exclude
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Jay\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wi...exversion=2.0&pass=836746Y8&id=menu_ie_report
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O15 - Trusted Zone: http://s1.amazon.co.uk
O15 - Trusted Zone: http://www.amazon.co.uk
O15 - Trusted Zone: http://www.amazon.com
O15 - Trusted Zone: http://www.yahoo.americangreetings.com
O15 - Trusted Zone: http://*.antzinpantz.com
O15 - Trusted Zone: http://helpchat.att.net
O15 - Trusted Zone: http://webmail.att.net
O15 - Trusted Zone: http://www.att.net
O15 - Trusted Zone: http://www.barking-moonbat.com
O15 - Trusted Zone: http://ayankinkiwiland.blogspot.com
O15 - Trusted Zone: http://www.cnettv.com
O15 - Trusted Zone: http://forums.computeractive.co.uk
O15 - Trusted Zone: http://www.computeractive.co.uk
O15 - Trusted Zone: http://www.download.com
O15 - Trusted Zone: http://www.drpic.com
O15 - Trusted Zone: http://www.dvdvideosoft.com
O15 - Trusted Zone: http://www.emsisoft.com
O15 - Trusted Zone: http://www.foxnews.com
O15 - Trusted Zone: http://www.google.co.uk
O15 - Trusted Zone: http://computer.howstuffworks.com
O15 - Trusted Zone: http://www.humanevents.com
O15 - Trusted Zone: http://www.irs.gov
O15 - Trusted Zone: http://www.jacquielawson.com
O15 - Trusted Zone: http://www.jessops.com
O15 - Trusted Zone: http://www.kodak.com
O15 - Trusted Zone: http://wwwuk.kodak.com
O15 - Trusted Zone: http://www.kodakgallery.com
O15 - Trusted Zone: http://*.letterpop.com
O15 - Trusted Zone: http://cid-56193df6ff453161.home.services.spaces.live.com
O15 - Trusted Zone: http://memory.loc.gov
O15 - Trusted Zone: http://mail.lycos.com
O15 - Trusted Zone: http://www.memorexlive.com
O15 - Trusted Zone: http://by123fd.bay123.hotmail.msn.com
O15 - Trusted Zone: http://s144.photobucket.com
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.safer-networking.org
O15 - Trusted Zone: http://www.serif.com
O15 - Trusted Zone: http://www.shagjam.com
O15 - Trusted Zone: http://www1.snapfish.co.uk
O15 - Trusted Zone: http://www.techsupportguy.com
O15 - Trusted Zone: http://www.telegraph.co.uk
O15 - Trusted Zone: http://www.tesco.com
O15 - Trusted Zone: http://www.tescodigital.com
O15 - Trusted Zone: http://www.theothersideofkim.com
O15 - Trusted Zone: http://london.usembassy.gov
O15 - Trusted Zone: http://*.wiredness.com
O15 - Trusted Zone: http://online.wsj.com
O15 - Trusted Zone: http://news.zdnet.com
O15 - Trusted Zone: http://review.zdnet.com
O15 - Trusted Zone: http://download.zonelabs.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231951123843
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-56193df6ff453161.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17883 bytes


----------



## Cookiegal (Aug 27, 2003)

jayd said:


> Cookiegal,
> Am in process of complying re your request to remove items BUT, it would help me a lot if you could tell me why on some things. For example, on the VMP, why? It runs anytime I use greeting cards from AOL and I believe 123Greeting Cards . com.
> Also, you tell me to get rid of the ASK Toolbar. I don't have a tool bar by that name but ASK is an option in a dropdown box in the upper right of my desktop screen. At the moment it shows Google, which is the normal setting altho I have used ASK for some items.


Read here and the link "this note" about the Ask Toolbar. This is why we recommend removing it.

http://www.systemlookup.com/CLSID/56968-GenericAskToolbar_dll_GENERI_1_DLL.html

Viewpoint is considered foistware which means it gets installed without your knowledge. You have a built in Windows Media Player that can do the job.

What is the problem with Nod32? Is it showing any detections or error messages?


----------



## Cookiegal (Aug 27, 2003)

Also, all of the items shown as O15 in the HijackThis log are in the Trusted Zone. I assume you put those there intentionally? Why? This is a huge security risk as doing that gives the sites the right to bypass all security measures in place on your computer. Even known good sites can have pages compromised. There should be no reason to have sites in the Trusted Zone except for troubleshooting purposes if you're having trouble accessing them. But if you're having trouble getting to a site the reason for that should be found and rectified rather than placing a site in the Trusted Zone permanently.


----------



## jayd (Mar 1, 2006)

Re. Trusted zone and ask.com and nod32av

Gee Cookiegal ... I hadn't a clue. I was familiar with ask.com for a long time but never read anything bad about em. So this education is a first. But I don't have their tool bar. I am looking at the HiJack this page and am frankly overwhelmed. There is stuff showing that I was certain I'd removed long ago. For example, AT&T who I did trust and was with them for years till we moved overseas, and still I kept their email. But when they did something called a migration, (I guess plain English ain't good nuff) I lost the email account. So I uninstalled. I thought. There are a number of things there in trusted zone I trust but what happens if I remove the ones I trust implicitly? I know quite often Zone Alarm asks me if I want to allow something and I do where I know who they are. Like www.jacquielawson.com. I no longer have an account there and thought I'd uninstalled that. She's brilliant btw and quite an artist. I just don't know how to rid myself of some of the things I am now looking at. That video software, dvdvideosoft is still there but I think it's empty. There are some blogs, one of which I sometimes write for. There's Amazon dot com, I haven't a problem with them but on your say so I can remove. I've had an AMZN account from the beginning of the company. I don't think I put things in the trusted zone so much as allowed sites I went to often to just be there. Amounts to the same I suppose.
The American Embassy is in the trusted zone. I don't know who drpic.com is but plan on looking it up. Our morning newspaper is there I think because I signed up for their on line newsletter.
I think some things just get there when I haven't put em in.

I am very curious about one thing however. In looking at all those sites in the trusted zone, a few have this * item beside the name. Why is that?

OK, so you're telling me to get rid of everything in the trusted zone. Plain enough. Scary thought but can do. Even sites run by people I personally know? Them as well?

NOD32, finally. My AV. Never managed to call tech today. Will do tomorrow. I can't complete a scan. It locks after a short time. Will go to 46 or 75 % done and then lock up.
NOD tried telling me upon reinstall, that F-Security was still on my pc. I don't see how.
Where? I looked, I did searches but found nothing. It was uninstalled. But obviously something is doing it so I guess I'll find out tomorrow.


----------



## jayd (Mar 1, 2006)

PS: and embarrassed to ask but. Is the trusted zone in my firewall? Cos what I see there isn't much. Been looking for the security tab but nothing in my browser (firefox) shows all those sites.
If I was ever there, I can't recall how to go back and find.


----------



## Cookiegal (Aug 27, 2003)

The items in the Trusted Zone are not the same as "trusted" by your firewall. These are trusted in your browser, Internet Explorer. We can fix them all with HijackThis. They can always be put back if necessary.

The asterisk "*" means it's a wildcard, in other words anything could be inserted in place of the "*" and it would be trusted as well.

Please do this again:

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------
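An added example (not from the thread, and not part of HijackThis): Python that reads the O15 lines of a HijackThis log and marks wildcard entries, entries trusted over plain http, and hosts that a wildcard entry already covers. The sample log is constructed from lines in the log above plus one made-up `example.test` entry, and the wildcard matching is an assumption that follows the description in the post above, not Internet Explorer's exact rules.

```python
"""Audit the O15 (Trusted Zone) lines of a HijackThis log."""
import re
from collections import namedtuple

# Constructed sample: O15/O16 lines in the format of the log above, plus one
# made-up https entry (login.example.test) to show an unflagged case.
SAMPLE_LOG = """\
O15 - Trusted Zone: http://www.irs.gov
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://s144.photobucket.com
O15 - Trusted Zone: http://*.letterpop.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
O15 - Trusted Zone: https://login.example.test
"""

# Only "O15 - Trusted Zone:" lines are matched; every other section is ignored.
O15_RE = re.compile(
    r"^O15 - Trusted Zone: (?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://(?P<host>[^/\s]+)",
    re.MULTILINE,
)

Entry = namedtuple("Entry", "scheme host")


def parse_o15(log_text):
    """Return the Trusted Zone entries of a log as (scheme, host) tuples."""
    return [Entry(m["scheme"].lower(), m["host"].lower())
            for m in O15_RE.finditer(log_text)]


def is_wildcard(host):
    """'*.example.com' trusts whatever is put in place of the asterisk."""
    return host.startswith("*.")


def covered_by(host, wildcard_host):
    """True if host is what wildcard_host becomes with the '*' filled in.

    Assumption: the '*' stands for a non-empty label prefix, so the bare
    domain itself and look-alike hosts with a different suffix do not match.
    """
    suffix = wildcard_host[1:]  # "*.example.com" -> ".example.com"
    return (not is_wildcard(host)
            and host.endswith(suffix)
            and len(host) > len(suffix))


def audit(entries):
    """Pair every entry with a list of flags worth reviewing before cleanup."""
    wildcards = [e for e in entries if is_wildcard(e.host)]
    findings = []
    for entry in entries:
        flags = []
        if is_wildcard(entry.host):
            # Trust extends to every subdomain, not one known site.
            flags.append("wildcard")
        if entry.scheme == "http":
            # Trusted content is fetched without TLS and can change in transit.
            flags.append("no-tls")
        for wild in wildcards:
            if wild.scheme == entry.scheme and covered_by(entry.host, wild.host):
                # Removing only this line would change nothing: the wildcard
                # entry still trusts the host.
                flags.append("covered-by " + wild.host)
        findings.append((entry, flags))
    return findings


def report(log_text):
    """Render the audit as text lines, one per Trusted Zone entry."""
    lines = []
    for entry, flags in audit(parse_o15(log_text)):
        note = ", ".join(flags) if flags else "no flags"
        lines.append(f"{entry.scheme}://{entry.host}: {note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The "covered-by" flag matters during cleanup: a host stays trusted until the wildcard entry that covers it is removed as well.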



## jayd (Mar 1, 2006)

StartupList report, 06/01/2011, 2:53:23 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Jay\Desktop\SHORTCUTS\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Documents and Settings\Jay\Desktop\SHORTCUTS\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jay\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk.disabled

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry value not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SigmatelSysTrayApp = stsystra.exe
ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
DLCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
MSKDetectorExe = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ISUSPM Startup = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
ArcSoft Connection Service = C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
btbb_McciTrayApp = "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
SBAutoUpdate = "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ISW = "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Google Update = "C:\Documents and Settings\Jay\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[>{d6201839-9c67-49d3-89f4-2c277b46aa17}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\ConduitEngine\ConduitEngine.dll - {30F9B915-B755-4826-820B-08FBA6BD249D}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\DVDVideoSoftTB\tbDVD2.dll - {872b5b88-9db5-4310-bdd0-ac189557e5f5}
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\ZoneAlarm_Security\tbZone.dll - {91da5e8a-3318-4f8c-b67e-5964de3ab546}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
ConfigExec.job
DataUpload.job
EasyShare Registration Task.job
Google Software Updater.job
GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006Core.job
GoogleUpdateTaskUserS-1-5-21-2759717361-3091317912-2750151619-1006UA.job
MP Scheduled Scan.job
User_Feed_Synchronization-{E54FF94D-3893-42A5-B6F9-EE26CF5E1FDA}.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Photobucket Publisher]
CODEBASE = http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
OSD = C:\WINDOWS\Downloaded Program Files\OSDE2C.OSD

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

[Microsoft PID Sniffer]
InProcServer32 = C:\WINDOWS\system32\odc.dll
CODEBASE = https://support.microsoft.com/OAS/ActiveX/odc.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[Snapfish Activia]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE = http://www.snapfish.co.uk/SnapfishUKActivia.cab

[UploadListView Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\UploaderX.dll
CODEBASE = http://picasaweb.google.co.uk/s/v/43.11/uploader2.cab

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231951123843

[Ofoto Upload Manager Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\axofupld.dll
CODEBASE = http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

[ICSScanner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ICSScan.dll
CODEBASE = http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab

[Windows Live Photo Upload Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://cid-56193df6ff453161.spaces.live.com/PhotoUpload/MsnPUpld.cab

[Java Plug-in 1.6.0_23]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\HPGETD~1.OCX
CODEBASE = https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

[Creative Toolbox Plug-in]
InProcServer32 = C:\WINDOWS\system32\Crusher.dll
CODEBASE = http://ak.imgag.com/imgag/cp/install/Crusher.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc4.cab

[LycosMail Upload Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\LYCOSM~1.OCX
CODEBASE = http://mail.lycos.com/hanmail-ax/AttachMail.cab

[Java Plug-in 1.6.0_23]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

[Java Plug-in 1.6.0_23]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_23.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

[CTAdjust Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\clearadjust.dll
CODEBASE = http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

[Driver Agent ActiveX Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\driveragent.ocx
CODEBASE = http://driveragent.com/files/driveragent.cab

[PCPitstop Exam]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
CODEBASE = http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
ArcSoft Connect Daemon: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (autostart)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
Apple Mobile Device: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\system32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
cpuz132: \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys (autostart)
cpuz133: \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
DLABOIOM: System32\DLA\DLABOIOM.SYS (autostart)
DLACDBHM: System32\Drivers\DLACDBHM.SYS (system)
DLADResN: System32\DLA\DLADResN.SYS (autostart)
DLAIFS_M: System32\DLA\DLAIFS_M.SYS (autostart)
DLAOPIOM: System32\DLA\DLAOPIOM.SYS (autostart)
DLAPoolM: System32\DLA\DLAPoolM.SYS (autostart)
DLARTL_N: System32\Drivers\DLARTL_N.SYS (system)
DLAUDFAM: System32\DLA\DLAUDFAM.SYS (autostart)
DLAUDF_M: System32\DLA\DLAUDF_M.SYS (autostart)
dlcc_device: C:\WINDOWS\system32\dlcccoms.exe -service (manual start)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (disabled)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DRVMCDB: System32\Drivers\DRVMCDB.SYS (system)
DRVNDDM: System32\Drivers\DRVNDDM.SYS (autostart)
Intel(R) PRO Network Connection Driver: system32\DRIVERS\e100b325.sys (manual start)
eamon: system32\DRIVERS\eamon.sys (autostart)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
ehdrv: system32\DRIVERS\ehdrv.sys (system)
ESET HTTP Server: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" (manual start)
ESET Service: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" (autostart)
epfwtdir: system32\DRIVERS\epfwtdir.sys (system)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEAR ASPI Filter Driver: system32\DRIVERS\GEARAspiWDM.sys (manual start)
getPlus(R) Helper: %SystemRoot%\System32\svchost.exe -k getPlusHelper (manual start)
GoToAssist: "C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe" Start=service (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Software Updater: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\system32\DRIVERS\intelide.sys (disabled)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
ZoneAlarm Toolbar ISWKL: \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (autostart)
ZoneAlarm Toolbar IswSvc: "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" (autostart)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Microsoft Automated Troubleshooting Service: "C:\Program Files\Microsoft Fix it Center\Matsvc.exe" (manual start)
McciCMService: "C:\Program Files\Common Files\Motive\McciCMService.exe" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
MREMP50 NDIS Protocol Driver: \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS (manual start)
MREMPR5 NDIS Protocol Driver: \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS (manual start)
MRENDIS5 NDIS Protocol Driver: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS (manual start)
MRESP50 NDIS Protocol Driver: \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel NCS NetService: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (manual start)
Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (disabled)
getPlus(R) Helper 3004: %SystemRoot%\System32\svchost.exe -k nosGetPlusHelper (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SDDMI2: \??\C:\WINDOWS\system32\DDMI2.sys (manual start)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SigmaTel High Definition Audio CODEC: system32\drivers\sthda.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} (manual start)
symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
Usbscan: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Live Setup Service: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Windows Presentation Foundation Font Cache 4.0.0.0: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Yahoo! Updater: "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" (autostart)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 45,864 bytes
Report generated in 0.141 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## jayd (Mar 1, 2006)

Update 
About a half hour ago I got the AV up and running and scanned okay. Also found the leftover software from F-Secure and deleted it. Can't understand (and I'm not alone, judging by letters to the ed. in PC mags) why software is left after uninstalls. Uninstalls should mean that, or the makers of software need to rename it to something like, uninstall, perhaps.

A mix-up, mine, re. Ask.com. I confused it with Answers.com, which is in that drop-down box on my browser. Not Ask. But I still saw no actual toolbar for Ask.
Thanks much for help.
While I still don't know what that MSFT AV Override is all about or what it's supposed to do,
it doesn't look like a threat and could be one of those foul-ups from Spybot S&D.


----------



## Cookiegal (Aug 27, 2003)

The Ask Toolbar was listed in the Add or Remove programs list. Is it no longer listed there? Could you please post a new HijackThis uninstall list?

Also, please export this registry key for me.

Go to *Start* - *Run* and copy and paste the following:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------
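One way to read the `C:\look.txt` export requested above, as an added example that is not part of the original thread: it parses a regedit export and lists the Security Center values that are set to non-zero. The function names, the list of watched value names and their descriptions, and the sample export are assumptions of this example, and the sample is constructed.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"

# Assumed watch list: XP SP2/SP3 Security Center values that, when non-zero,
# stop Security Center from monitoring or alerting on a category.
WATCHED = {
    "AntiVirusOverride": "antivirus is marked as monitored by the user",
    "FirewallOverride": "firewall is marked as monitored by the user",
    "AntiVirusDisableNotify": "antivirus alerts are switched off",
    "FirewallDisableNotify": "firewall alerts are switched off",
    "UpdatesDisableNotify": "Automatic Updates alerts are switched off",
}

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def parse_reg(text: str) -> dict:
    """Return {key path: {value name: int for dword data, raw text otherwise}}."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):      # hex data continues on the next line
            pending = line[:-1]
            continue
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            name, data = m.groups()
            is_dword = data.lower().startswith("dword:")
            current[name] = int(data[6:], 16) if is_dword else data
    return keys


def suppressed_checks(keys: dict, key: str = KEY) -> list:
    """List (name, value) for watched values that are set and non-zero."""
    values = {}
    for path, vals in keys.items():
        if path.lower() == key.lower():   # registry paths are case-insensitive
            values = {n.lower(): v for n, v in vals.items()}
    found = []
    for name in WATCHED:
        val = values.get(name.lower())
        if isinstance(val, int) and val != 0:
            found.append((name, val))
    return found


# Constructed sample export, not data from the thread.
SAMPLE = b"\xff\xfe" + "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + KEY + "]",
    '"AntiVirusDisableNotify"=dword:00000000',
    '"FirewallDisableNotify"=dword:00000000',
    '"UpdatesDisableNotify"=dword:00000000',
    '"AntiVirusOverride"=dword:00000001',
    '"FirewallOverride"=dword:00000000',
    "",
    "[" + KEY + r"\Monitoring]",
    '"Constructed"="sample"',
    "",
]).encode("utf-16-le")

if __name__ == "__main__":
    for name, val in suppressed_checks(parse_reg(decode_export(SAMPLE))):
        print(f"{name} = {val}: {WATCHED[name]}")
```

A non-zero value here is not by itself a sign of infection, because the same values change when the user ticks the matching option in Security Center; the question for triage is whether the user made that change.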

